Age
Reads age signals across OS, app, and household.
One age signal, every downstream decision.
Every modern child-safety law turns on knowing the child’s age. KOSA needs the age band; COPPA needs under-13; CA AB 1043 introduces OS-level age signals; UT App Store Accountability Act + TX SB 2420 require app-store age attestations; China’s Age Confirmation makes platforms verify before access. Each platform implements its own age-determination flow with its own gaps.
Age is the canonical age-signal-handling layer. It ingests OS-level age bands (Apple/Google), app-store age attestations (Utah/Texas/China), parental attestations (cryptographically signed, renewed every 180 days), and falls back gracefully through hard-ID escalation only for the highest-risk categories (gambling, AI companion, adult content). Every downstream Phosra capability — Tier, Consent, Block — receives the same age band from the same source.
Platforms stop reinventing age verification per statute. Parents stop attesting to age six different ways. Regulators get a single, auditable age-signal source per child account.
Age is a socket. Age signals flow in. A canonical band flows out.
These are the upstream age-signal sources Age federates — either shipping today, in conversation with a partner, or pending an upstream API.
What Age does for each statute.
- CA AB 1043 (OS Age Signal)— consumes Apple/Google OS-level age signals at the network layer.
- UT App Store Accountability Act + TX SB 2420— performs app-store age attestation at install.
- China Age Confirmation— verifies age before app access per state directive.
- COPPA / COPPA 2.0— enforces under-13 (and expanded under-17) age detection at the data-collection boundary.
- KOSA— exposes the age-band signal to every covered platform’s enforcement decisions.
- EU AADC + Digital Services Act— applies the strictest member-state age threshold.
- CA AB 1709 (age-16 social media floor)— gates social-media account creation by verified age.
Adopter Tier 1 certification.
To ship Age-conformance for an Adopter Tier 1 certification, your implementation must pass the Age suite. Test count is [draft] coming Q3 2026. The suite covers OS-level age-signal ingestion, attestation chain verification, 180-day renewal cycles, and downstream capability hand-off correctness.
We are co-authoring the suite with our design partners. If you want a seat at the table while the bar is being set, reach out.
The 10 rules Age ships
Every rule below is implemented by this capability. Pulled directly from the rule registry.
- Age Gate — Enforces age verification requirements and restricts access to age-inappropriate content or features.
- App Store Age Attestation — Consumes age attestations issued by Apple and Google app stores as authoritative age signals for downstream enforcement.
- Civil-Society Age Recommendation Gate — Gates content by an upstream civil-society age recommendation per title.
- OS Age Signal Ingest — Consumes the OS-level age signal (Apple, Google, Samsung, Microsoft) at the moment of enforcement.
- Age Signal Broadcast — Emits the canonical age signal to every connected enforcement surface so apps and OSes act on a single source of truth.
- Hard ID Verification Escalation — Escalates to government-ID verification when softer age signals fail to confirm a user is above the configured threshold.
- Social Media Min Age — Enforces minimum age requirements for social media platform access based on jurisdiction.
- AI Chatbot Age Assertion — Requires AI chatbot products to assert and verify the user's age band before any conversational interaction.
- Teen Minimum Age 16 Gate — Enforces a statutory minimum age of 16 for account access on covered platforms.
- Adult-Site Age Verification — Requires sites serving content harmful to minors to verify 18+ via an accredited method — verify, decide, discard; no ID retention.