Apple today activated mandatory age assurance requirements for new Apple Accounts registered in Texas, following a court ruling that lifted an injunction on state law SB 2420. The changes, announced by Apple on June 3, 2026 and effective June 4, 2026, require parental or guardian consent for minors under 18 to download apps, make in-app purchases, and receive access to significant app changes through the App Store.

The activation marks the end of a months-long legal standstill that began when a district court suspended enforcement of the law on December 23, 2025 - days before its originally scheduled January 1, 2026 implementation date. At that point, Apple had paused its implementation plans. Now, a new court ruling has lifted that injunction, and Apple has moved forward with deploying the technical infrastructure it had originally prepared.

What SB 2420 requires

Texas SB 2420, formally known as the App Store Accountability Act, was signed into law and created obligations for app marketplace operators to verify user ages and obtain parental consent before minors can download or purchase software. According to Apple, new Apple Accounts created in Texas are now subject to these requirements. Existing Apple Accounts on iOS 18 and iPadOS 18 or earlier are not affected.

The law defines age categories specifically: under 13, 13-15, 16-17, and over 18. Those brackets are not Apple's own classification - they are defined by Texas state law itself, and the Declared Age Range API returns the appropriate category for users in applicable regions.

Parents and guardians will also be able to revoke consent for any app they had previously approved. When revocation occurs, the app is blocked from launching on the child or teen's device. This enforcement mechanism is handled at the platform level: Apple prevents the app from opening, not the developer.

The Declared Age Range API

The technical foundation for all of this is the Declared Age Range API, a framework that Apple introduced with iOS 26.0 and expanded substantially in subsequent releases. According to Apple's documentation, the framework operates across iOS 26.0+, iPadOS 26.0+, Mac Catalyst 26.0+, and macOS 26.0+.

To use it, developers must add the com.apple.developer.declared-age-range entitlement to their app by enabling the Declared Age Range capability in Xcode. According to Apple, this is a Boolean value indicating whether the app may request a person's age range. Without the entitlement, the API calls will not return data.

For users in a Family Sharing group, a parent, guardian, or Family Organizer can decide whether to always share a child's age information with a given app, ask the child each time, or never share it. Adults and teens outside Family Sharing groups may also choose whether to share their age range. The API returns an AgeRangeService.AgeRangeDeclaration object that encodes the age range provided.

What the API returns goes beyond a simple age bucket. According to Apple's framework documentation, the declaration also signals the method of age assurance - whether verification was done via credit card, government ID, or another method. In practice, this means developers receive a richer context: not just how old the user is, but how reliably that age was confirmed. The API also indicates whether parental controls are enabled and whether the user is eligible for age-gated features.

According to Apple, data from the Declared Age Range API is based on information declared by an end user, or their parent or guardian. Apple places compliance responsibility squarely on the developer: "You are solely responsible for ensuring compliance with associated laws or regulations that may apply to your app."

The framework's availability is global. According to Apple's age assurance Q&A documentation, the Declared Age Range API works worldwide, and people using apps can decide whether to share their age information. In regions where no specific law applies, an age range will still be returned if the user has chosen to share it through the Age Range for Apps feature.

PermissionKit and significant changes

The second major component is PermissionKit, a framework for requesting parental consent when an app undergoes a significant change. According to Apple, it is the developer's responsibility to determine when a change qualifies as significant under applicable regulations. Texas SB 2420 specifically considers a change in an app's age rating to be a significant change.

The framework introduces the SignificantAppUpdateTopic structure, available on iOS 26.2+, iPadOS 26.2+, Mac Catalyst 26.2+, macOS 26.2+, and visionOS 26.2+. When a developer determines that their app has changed significantly, they call the Significant Change API under PermissionKit to request that the parent or guardian provide consent for the child to continue using the app or the new feature.

When the API is called, the child or teen sees a system dialog requesting parental consent. Developers can restrict access to the new functionality until consent is obtained. The description passed to SignificantAppUpdateTopic must be concise and clear - Apple's documentation shows the contrast between an acceptable description ("This update adds video calling and location sharing features") and a vague one ("We've made improvements to the app"). Parents and guardians see this description when deciding whether to grant permission.

A new property type in StoreKit allows developers to automatically detect when their app's age rating has changed on a user's device, and then trigger the PermissionKit consent flow. Developers are expected to keep age rating selections current in App Store Connect; when a developer updates a rating, it propagates to all user devices once the new version goes live.

The third operational piece is a server notification system. According to Apple, when a parent or guardian in Texas withdraws consent for an app, the App Store sends a server-to-server notification. Developers configure their systems to receive these notifications using the RESCIND_CONSENT value from notificationType, following the standard framework for enabling App Store Server Notifications.

The developer must handle the revocation on their end. Apple will prevent the app from launching on the child's device at the system level, but developers are responsible for managing the user experience - including potential restrictions on account data and specific features within the app.

OS requirements and developer tooling

According to Apple's age assurance Q&A, the full set of frameworks requires building against the iOS 26.2 and iPadOS 26.2 SDKs or later, using Xcode 26.2 (build identifier 17C52) or later. Sandbox testing is available for both the Declared Age Range API and the Significant Change API starting with iOS 26.2 beta. Developers can simulate various age range scenarios, location-based restrictions, approval state changes, and consent revocations in that environment before shipping.

A later update, iOS 26.4 and iPadOS 26.4, adds further capabilities to the Declared Age Range API: developers can check eligibility for age-related regulatory features and present system-provided acknowledgement sheets for significant app updates, using AgeRangeService.requiredRegulatoryFeatures and AgeRangeService.showSignificantUpdateAcknowledgement.

For developers distributing apps across the API's staged rollout history, the version boundaries matter. At iOS 26.0, the framework supports self-declared and guardian-declared age ranges. At iOS 26.2, it returns the specific Texas law age categories, identifies the verification method (credit card, government ID, or other), and includes parental control status. At iOS 26.4, additional regulatory eligibility checks and acknowledgement flows become available.

Privacy concerns Apple has maintained

Apple's implementation philosophy for these frameworks reflects a tension the company has expressed publicly. According to Apple's November 4, 2025 developer notice, the company remains "concerned about the potential implications of laws like SB2420 in Texas," specifically that requirements to collect sensitive personal information to download any app - "even those that simply provide weather forecasts or sports scores" - could undermine the privacy of all users.

The design of the Declared Age Range API reflects that concern. Rather than requiring universal identity verification, it allows age information to flow only when a user or their guardian chooses to share it, and only within the Apple Account infrastructure. The API does not expose raw personal data to developers - it returns an age band or category, not a birthdate or government identifier.

Whether this architecture satisfies the letter of Texas SB 2420 is a legal question. According to Apple, developers should consult their legal counsel for questions about compliance obligations in specific regions.

Broader context: other states and regions

The Texas enforcement is not happening in isolation. According to Apple's November 2025 communication to developers, similar requirements were expected in Utah and Louisiana. The regulatory pattern extends beyond the United States: Apple has also referenced Brazil as a jurisdiction with upcoming obligations. Age verification requirements have spread across multiple markets, with platforms adapting their architectures to accommodate them.

Apple's updated App Store age ratings system, announced in July 2025, adds granular 13+, 16+, and 18+ categories and intersects directly with the SB 2420 compliance framework: an age rating change now constitutes a significant change under Texas law, triggering the PermissionKit consent flow.

The debate over where age verification responsibility should sit - at the app store level or at the individual app developer level - has played out across multiple regulatory venues. Google's Global Director of Privacy Safety and Security Policy, Kate Charlet, outlined her company's concerns about app store-level verification in June 2025, arguing it creates privacy risks and inadequate child protection when done centrally. Apple has taken a similar position, preferring a framework where parental disclosure is opt-in and tied to the Family Sharing infrastructure rather than requiring mass data collection at the point of account creation.

What this means for app developers

The activation today requires concrete action from developers whose apps are distributed in Texas and used by minors. The Declared Age Range API is the starting point - it surfaces whether a user is in a regulated region, what their age category is, and whether parental consent is needed for a given interaction. Without that entitlement, an app has no visibility into whether Texas rules apply to a given session.

The PermissionKit integration requires developers to build judgment into their release process. Every time a new version ships, the team needs to assess whether the changes qualify as "significant" under SB 2420. Texas law specifically calls out age rating changes, but the determination for other types of changes - new features, updated data collection practices, new monetisation mechanisms - remains the developer's responsibility and, ultimately, a legal question.

The revocation notification infrastructure means developers need server-side handling for consent withdrawals. An app that silently continues to function after a parent revokes consent risks non-compliance, even if the system has blocked local launch.

App Store Connect age ratings are now operationally significant in a way they were not before. A rating change from 4+ to 12+ or from 12+ to 17+, once processed and distributed, can trigger a consent requirement for every child account using the app in Texas. Developers updating their questionnaire responses should factor in that downstream consequence.

Timeline

  • July 2025: Apple announces updated App Store age ratings system with granular 13+, 16+, and 18+ categories
  • August 3, 2025: X implements age verification system following UK/EU safety regulations effective July 25, 2025
  • November 4, 2025: Apple publishes developer notice "Next steps for apps distributed in Texas," announcing APIs in beta versions of iOS 26.2 and iPadOS 26.2, with Texas requirements set to begin January 1, 2026
  • December 23, 2025: District court issues injunction suspending enforcement of Texas SB 2420; Apple pauses implementation plans
  • December 26, 2025: PPC Land covers Apple's pause of the Texas age verification rollout following the injunction
  • June 3, 2026: Apple publishes updated developer notice stating a new court ruling has lifted the injunction on SB 2420, with enforcement beginning June 4, 2026; Declared Age Range API and PermissionKit required for compliant apps
  • June 4, 2026: Age assurance requirements under Texas SB 2420 take effect for new Apple Accounts in Texas

Summary

Who: Apple, app developers distributing software in Texas, and users holding new Apple Accounts in Texas - specifically minors under 18 and their parents or guardians.

What: Apple has activated enforcement of Texas SB 2420 (App Store Accountability Act), requiring age assurance and parental or guardian consent for minors to download apps, make in-app purchases, and access significant app changes. Developers are required to implement the Declared Age Range API, the Significant Change API under PermissionKit, a new age rating property type in StoreKit, and App Store server notifications for consent revocations.

When: The technical activation was announced June 3, 2026, with requirements taking effect June 4, 2026 for new Apple Accounts in Texas. The API framework has been available in beta since iOS 26.2 and iPadOS 26.2; the full regulatory scope of the Declared Age Range API expanded at iOS 26.4.

Where: The requirements apply specifically to new Apple Accounts created in Texas. The Declared Age Range API is available globally but returns Texas-specific age categories only for accounts in the applicable region. Developer tooling spans iOS, iPadOS, macOS, Mac Catalyst, and visionOS platforms.

Why: A court ruling lifted the injunction that had suspended enforcement of Texas SB 2420 since December 23, 2025. The law - originally scheduled to take effect January 1, 2026 - mandates age verification and parental consent mechanisms for app marketplaces and developers operating in Texas, with the stated goal of preventing minors from accessing inappropriate content without guardian approval. Apple has expressed concerns about the privacy implications of the law while providing the technical infrastructure developers need to comply with it.