AB 1043, the California Digital Age Assurance Act, is a California state law that requires mobile app developers and digital platforms to implement device-level age assurance. It shifts the compliance burden to app developers, requiring them to request and act on age signals provided by the device operating system (Apple or Google). The law becomes fully operative on January 1, 2027.

Who does AB 1043 apply to?

AB 1043 applies to app developers who distribute applications through the Apple App Store or Google Play Store to California users. If your app is available to California residents and you don't implement age assurance by the deadline, you may be subject to civil penalties.

What is the AB 1043 compliance deadline?

The law becomes fully operative on January 1, 2027 — all new app downloads after this date must request age signals. A second "look-back" deadline of July 1, 2027 requires developers to request signals for any app updated since January 1, 2026, even if it was downloaded before the law took effect.

What are the penalties for violating AB 1043?

Penalties are assessed per affected child. Negligent violations carry $2,500 per child; intentional or knowing violations carry $7,500 per child. For any app with significant reach among minors, exposure can reach tens of millions of dollars.

Does AB 1043 require ID verification?

No. AB 1043 is deliberately designed to avoid identity-based verification walls. The law centers on OS-level age signals — Apple's Declared Age Range API and Google's Play Age Signals — which provide age brackets without transmitting personal identity information. The legal standard is "commercially reasonable" age assurance, not certainty.

What does "commercially reasonable" age assurance mean under AB 1043?

"Commercially reasonable" is the legal standard AB 1043 uses for age assurance. It means using the best available signals in good faith — primarily the OS-level age signal — without requiring certainty. You are not expected to achieve 100% accuracy, but you must act on available signals and must not willfully disregard a signal indicating a minor.

Does AB 1043 apply to web apps and browsers?

Web browsers do not emit Apple or Google age signals, so the OS-level pathway defined in AB 1043 doesn't directly apply to web. However, if you operate a platform with both a native app and a web presence, compliance on the native side triggers 'actual knowledge' obligations across all surfaces. A3 provides a browser SDK that collects passive behavioral signals to deliver age assurance on the web, filling the compliance gap where OS signals don't exist.

What is "actual knowledge" under AB 1043?

Under AB 1043, receipt of an OS age signal — such as "Under 13" — constitutes "actual knowledge" of a user's age. Once your app receives that signal, you are legally responsible for treating that user as a minor across all platforms and access points, including your website.

Effective January 1, 2027

AB 1043

California's Digital Age Assurance Act

AB 1043 requires app developers to implement device-level age assurance and act on OS age signals. It creates strict legal liability for apps that reach minors — and it takes effect in under a year.

Read the Developer Guide Get Your API Key

The Law at a Glance

What AB 1043 requires, when it kicks in, and what non-compliance costs.

Operative Date

Jan 1, 2027

All new downloads must request age signals

Look-Back Deadline

Jul 1, 2027

Apps updated since Jan 1, 2026 must comply retroactively

Negligent Penalty

$2,500

Per affected child, per violation

Intentional Penalty

$7,500

Per affected child for knowing violations

What AB 1043 Requires

Three obligations that define your legal exposure under the statute.

"Actual Knowledge" = Legal Liability

Receipt of an OS age signal is deemed actual knowledge of a user's age. If you receive an "Under 13" signal, you are legally responsible for treating that user as a minor — across every surface, including your website.

OS Signal as Primary Indicator

You must treat the OS-level signal as the primary indicator of age. You cannot willfully disregard it unless you have "clear and convincing" internal evidence that the age is different — a very high legal bar.

"Commercially Reasonable" Standard

The law does not require certainty — it requires commercially reasonable age assurance. This means using the best available signals in good faith and building an audit trail that demonstrates your compliance posture.

Read the full AB 1043 developer guide

Why Compliance Is Harder Than It Looks

AB 1043 is built around OS signals — but OS signals don't cover everything.

Browsers Have No OS Signal

Apple's Declared Age Range API and Google's Play Age Signals only work inside native apps. Web browsers emit no age signal at all — leaving a compliance gap for any platform with a web presence.

Multi-Platform Complexity

iOS, Android, and web each handle age signals differently. Without a unified layer, developers must build and maintain three separate compliance paths — each with its own audit trail.

"Actual Knowledge" Crosses Surfaces

If your native app receives an 'Under 13' signal, that triggers actual knowledge obligations across your entire platform — including your website. Partial compliance is no compliance.

The AB 1043 Solution for Developers

Arcadia Age API (A3) is an AB 1043 API that covers iOS, Android, and the web — with full audit trails and zero PII retained.

Signal Fusion for Native Apps

A3 normalizes Apple and Google OS age signals into a single unified response format. One API call, one verdict, one audit trail — regardless of which platform the user is on.

Browser SDK for Web Coverage

Drop in the @a3api/signals SDK (<5KB) to passively collect behavioral signals on the web. Get full age assurance where OS signals don't exist — with the same response format as native.

Get the browser SDK →

Audit-Ready by Design

Every response ships with verdicts, confidence scores, evidence tags, and a cryptographic HMAC-SHA256 receipt. Store it in your own logs — no PII, fully defensible in a regulatory inquiry.

How receipts work →

Zero PII. No Breach Surface.

No images, biometrics, or identity data ever touch A3 servers. Every request is processed and immediately discarded. Nothing to store means nothing to breach.

Traditional ID Verification

Identity documents or selfies required

High drop-off at the verification wall

PII collected and stored — breach risk

Separate solutions per platform

Days or weeks to integrate

Arcadia Age API

Passive signal fusion — invisible to users

Zero friction, zero drop-off

No PII collected or retained — ever

iOS + Android + Web in one API call

Integrate in under 10 minutes

AB 1043 — Frequently Asked Questions

What is AB 1043?: AB 1043, the California Digital Age Assurance Act, requires mobile app developers to request and act on device-level age signals from Apple and Google. The law becomes fully operative on January 1, 2027.
Who does AB 1043 apply to?: It applies to app developers distributing through the Apple App Store or Google Play Store to California users. If your app is available to California residents, you need to implement age assurance before the deadline.
What is the AB 1043 compliance deadline?: January 1, 2027 — all new app downloads must request age signals. A second look-back deadline of July 1, 2027 covers any app updated since January 1, 2026.
What are the penalties for violating AB 1043?: $2,500 per affected child for negligent violations; $7,500 per child for knowing or intentional violations. For high-reach apps, this exposure can scale into the tens of millions.
Does AB 1043 require ID verification?: No. The law is built around OS-level age signals — not identity documents. The standard is "commercially reasonable" age assurance, which means acting on the best available signals in good faith.
Does AB 1043 apply to web apps?: Not directly — browsers don't emit OS age signals. But if your native app receives an age signal, that triggers 'actual knowledge' obligations across all your surfaces, including the web. A3's browser SDK fills this gap.
What is "actual knowledge" under AB 1043?: Receipt of an OS age signal (e.g., "Under 13") is deemed actual knowledge of a user's age. Once received, you're legally responsible for treating that user as a minor across every platform and access point.

Ship AB 1043 compliance before the clock runs out.

One API. Web, iOS, Android — covered. Zero PII retained. Audit-ready from day one. Get a free API key and integrate in under 10 minutes.

Get Your API Key Read the Developer Guide

Schedule a call with our team

Loading…