A bill introduced in the U.S. House of Representatives would require every operating system provider in the country to verify the identity of every user before that user can operate a computer. Not just children. Every user.

H.R. 8250, introduced April 13 by Rep. Josh Gottheimer (D-NJ) and Rep. Elise Stefanik (R-NY) and referred to the House Committee on Energy and Commerce, is titled the Parents Decide Act. Its actual mechanics tell a different story.

What the Bill Says

The legislation is two pages, double-spaced, and largely blank where the details matter most.

Under Section 2(a), operating system providers must require any user to provide their date of birth to set up an account or use the operating system. If the user is under 18, a parent or guardian must verify that date of birth. And — the provision that matters most — the OS provider must develop a system allowing app developers to access whatever information is necessary to verify a user’s age.

That last requirement isn’t a parental control feature. It’s a mandate to build a standardized identity query API into every operating system, accessible to every app developer. Once that infrastructure exists, every application on the device can ask the OS: how old is this user?

The bill doesn’t define what “verify” means. It doesn’t specify what identity documents are required, how long data is retained, or what exactly flows through the app developer API. All of that is delegated to the Federal Trade Commission, which has 180 days after enactment to write the rules.

🍁 Make a One-Time Contribution — Stand Up for Accountability in Vermont 🍁

The FTC Fills In the Blanks

Handing implementation to the FTC isn’t a minor procedural detail. It means the actual system — what identity documents are required, what data is stored, how it moves through the app ecosystem — will be designed by an unelected agency under a rulemaking process, not by Congress.

The bill’s safe harbor provision reinforces this: OS providers can’t be held liable for violations if they follow whatever the FTC eventually mandates. That’s not consumer protection. That’s an incentive structure guaranteeing full compliance with whatever rules the agency writes, no matter how invasive.

The Infrastructure Problem

The framing around protecting children obscures a technical reality. Building a reliable age verification system at the OS level requires tying identity to the device at setup. For that signal to be trustworthy enough that app developers can rely on it — as the bill requires — it has to be tied to something real. A name. A document. A verified identity.

That creates what security professionals would describe as a high-value consolidated target. Right now, age and identity data is fragmented across hundreds of services, collected inconsistently, often inaccurately. This proposal centralizes it at the OS layer — one of the most widely deployed pieces of infrastructure in the country.

Concentrated data doesn’t eliminate risk. It changes the scale of failure when something goes wrong. And in the history of large identity databases, something always goes wrong.

The Compliance Pipeline Is Already Being Built

This bill doesn’t arrive in a vacuum. Apple has already rolled out its Declared Age Range API in beta, currently active in Utah, Louisiana, Brazil, Australia, and Singapore in response to existing state laws. Google’s Play Age Signals API launched in beta for the same purpose. California’s AB 1043 requires every operating system provider, including Apple, Google, and Microsoft, to collect user age at setup and broadcast an age-bracket signal to apps by January 1, 2027.

H.R. 8250 would take that state-level patchwork and make it a federal mandate — one standard, one pipeline, enforced by one agency, across every operating system in the country.

The Open Systems Problem

The bill defines an operating system as software supporting the basic functions of “a computer, mobile device, or any other general purpose computing device.” Operating system provider is defined as anyone who “develops, licenses, or controls” such software.

That definition doesn’t carve out open-source systems. Linux distributions, custom builds, and privacy-focused systems like Tails — which exists specifically to leave no persistent identity data on a device — have no centralized account infrastructure to build this into. The bill offers no guidance on how those systems would comply, who would enforce it, or what happens when they don’t.

Compelled Code

Section 2(a)(3) states that OS providers “shall develop a system” to expose user age data to app developers. Not may. Shall.

Federal courts have previously held that computer code carries First Amendment protections. Requiring developers to write and distribute specific code that collects identity data and exposes it to third parties is compelled speech under that framework — a legal question the bill doesn’t acknowledge.

The Bill’s Actual Name

The short title is the Parents Decide Act. What parents decide under the bill’s actual text is limited to which apps a verified minor can access on a device whose identity infrastructure was designed by the FTC, built by Apple or Microsoft, and queried by every developer on the platform.

The bill remains in committee. No hearing has been scheduled.

If you found this information valuable and want to support independent journalism in Vermont, become a supporter for just $5/month today!

Dave Soulia | FYIVT

You can find FYIVT on YouTube | X(Twitter) | Facebook | Instagram

#fyivt #ParentsDecideAct #HR8250 #DigitalPrivacy

Support Us for as Little as $5 – Get In The Fight!!

Make a Big Impact with $25/month—Become a Premium Supporter!

Join the Top Tier of Supporters with $50/month—Become a SUPER Supporter!