AB 1043: The Digital Age Assurance Act — Developer Guide
The AB 1043 developer guide for California age assurance compliance. Arcadia Age API (A3) provides compliant, frictionless age assurance — no verification walls, no identity friction, no stored PII.
Last Updated: February 10, 2026
The California Digital Age Assurance Act (AB 1043) represents a fundamental shift in how applications handle user age. It moves away from scattered "age gates" and toward a standardized, device-level signaling infrastructure.
Key Compliance Deadlines
January 1, 2027 — The law becomes fully operative. All new application downloads must request age signals.
July 1, 2027 — "Look-back" deadline. Developers must request signals for any app updated since January 1, 2026, even if it was downloaded before the law took effect.
What AB 1043 Means for Developers
Under this law, the burden of "Age Assurance" is a shared responsibility between Operating System Providers (Apple/Google) and App Developers.
1. The "Actual Knowledge" Clause
The most critical part of AB 1043 is that receipt of a signal is deemed "actual knowledge" of a user's age. Once your app receives a signal (e.g., "Under 13"), you are legally responsible for treating that user as a minor across all platforms and points of access.
2. Authoritative Signal
Developers must treat the OS signal as the primary indicator of age. You cannot willfully disregard the signal unless you have "clear and convincing" internal information that the age is different.
3. Data Minimization
The law prohibits developers from requesting more information than is strictly necessary for compliance. This is why A3's stateless architecture is a core compliance feature — we process the signal without ever persisting the underlying payload.
The Cost of Non-Compliance
The California Attorney General has sole authority to enforce these provisions. Civil penalties are steep:
| Violation Type | Penalty |
|---|---|
| Negligent violations | $2,500 per affected child |
| Intentional violations | $7,500 per affected child |
At scale, these fines compound quickly. An app with 100,000 minor users facing an intentional violation could be liable for up to $750 million in penalties.
The Web Gap
AB 1043 mandates OS-level age signals for app store-distributed applications. But browsers have no OS age signal. If your product has a web presence serving California users — a website, a web app, a PWA — the law creates compliance obligations without providing the mechanism.
A3 solves this by treating the web as a first-class platform. The @a3api/signals browser SDK is a drop-in npm package (under 5 KB gzipped) that passively collects behavioral and contextual signals from standard browser events — no user interaction required. When os_signal is not-available, the engine shifts to full supplementary assessment using these signals. The result is the same structured response — verdict, confidence score, evidence tags, and cryptographic receipt — that you get on native platforms.
How A3 Solves for AB 1043
Integrating with Apple's Declared Age Range API, Google's Play Age Signals API, and building a separate web solution is a moving target across three platforms. A3 provides a single unified interface that normalizes all of them:
Cross-Platform Normalization
One API call normalizes Apple, Google, and browser-based signals into the four California-mandated brackets (Under 13, 13-15, 16-17, 18+). Your backend sees one response format regardless of platform.
/v1/assurance/assess-ageWeb-Native Age Assurance
For browsers where no OS signal exists, the @a3api/signals browser SDK passively collects behavioral and contextual signals, and A3's signal fusion engine provides full age assessment from them.
Zero-Persistence Logs Generates the audit logs required to prove "Good Faith Reliance" without storing user PII.
Signed Receipts Provides your backend with an HMAC-SHA256 receipt to prove the signal was requested and received at launch — across every platform.