Arizona lawmakers are weighing a sweeping app-store age-verification proposal that would apply not only to app downloads but also to core phone functions most users take for granted, according to Reclaim The Net.

The measure, House Bill 2920, was introduced on January 27, 2026, and is pending before the Arizona House Science & Technology Committee. As described, the bill would require age checks for app store accounts and would also cover preinstalled software and built-in tools such as the web browser, text messaging app, search bar, calculator, and weather widget, effectively placing nearly every piece of mobile software under age-gating requirements.

How HB 2920 would work

Under the proposal, app store providers would be required to determine each account holder’s age category using “commercially available” verification methods. The bill, as reported, does not precisely define what verification methods would qualify, and it assigns the Arizona Attorney General the role of setting rules for acceptable processes.

HB 2920 would divide users into four groups:

• Under 13
• Ages 13–16
• Ages 16–18
• Adults

For anyone under 18, the bill would require the minor’s account to be “affiliated” with a parent account and mandate “verifiable parental consent” before a minor could download or purchase an app or make in-app purchases. Reclaim The Net notes that this consent framework would also extend to preinstalled apps, meaning the first time a minor attempts to open certain default phone functions, the system could require parent approval before access is granted.

A key issue raised in the coverage is that the bill does not specify how parent-child relationships will be verified. Instead, app stores would have wide discretion to determine parenthood via unspecified “commercially reasonable” methods.

Updates could trigger new consent requests

The bill’s scope would extend beyond initial access and downloads. If a developer makes a “significant change” to an application, the proposal would require renewed parental consent before the minor can access the updated version.

In the Reclaim The Net description, “significant change” would include:

• Privacy policy modifications
• Changes to categories of data collected
• Age rating changes
• Adding in-app purchases
• Introducing advertisements

That could mean routine software maintenance becomes a gatekeeping event. A weather app that adds a banner ad, for example, could require fresh parental approval. A note-taking app’s privacy policy update could also trigger a new consent prompt before a minor can keep using it.

To make this system function, developers would be required to notify app stores of “significant changes,” while app stores would need to notify parent accounts and secure renewed permission before restoring access.

Penalties and lawsuits

Reclaim The Net reports that HB 2920 would include civil penalties up to $75,000 per violation, alongside a private right of action allowing parents and minors to sue for $1,000 per violation, plus potential punitive damages. The piece argues these provisions could increase compliance pressure on both app stores and developers.

Because consent status would need to be tracked, app stores would have to collect and maintain records tied to age categories, parental affiliations, verification records, and consent histories, and share age-category data with developers during downloads, purchases, or app launches. While the bill includes language around “industry standard encryption” and limiting data use to compliance purposes, it would still require extensive data collection and transmission to operate as designed.

Comparisons to other states and legal scrutiny

The coverage points to Texas as a recent example of similar legislation. Reclaim The Net notes that a federal judge blocked Texas’ law before it took effect, describing it as comparable to requiring every bookstore to verify every customer’s age and to require parental consent for minors to enter and buy books. The ruling found the law likely unconstitutional, concluding that it imposed content-based restrictions and failed strict scrutiny.

Arizona’s HB 2920 is framed as part of a broader state-level push toward app-store age verification. Reclaim The Net lists Texas, Utah, Louisiana, and California as states that have passed versions of these measures, with different effective dates and enforcement approaches.

HB 2920 is described as going further than most by explicitly covering preinstalled applications, raising the possibility that a minor could purchase a phone and be unable to use built-in tools until a parent account is established and consent is granted.

Proposed effective date

Reclaim The Net reports that if HB 2920 advances through the legislature, it would take effect on November 30, 2026, setting a compliance timeline for app stores and developers.

The UK House of Lords has voted for changes that would expand age-checking rules to cover VPN services and a much wider range of interactive online platforms under the Children’s Wellbeing and Schools Bill.

What is being proposed

Two amendments were passed in the Lords:

• VPNs: VPN services used in the UK could be required to add age checks for UK users. The aim is to stop children from using VPNs without verification.
• Under-16 access to “user-to-user” services: Many services where users can post, message, comment, or interact with others could be required to introduce age checks designed to block under-16s from using them.

Who would be affected?

• People in the UK who use VPNs (for privacy, security, or access reasons) may face age verification before using a VPN.
• VPN providers may need to build or integrate age-check systems for UK users.
• Platforms with user interaction could be affected — not just “social media,” but potentially forums, community apps, messaging features, and some online games.
• For the adult industry, any platform that relies on interactive features (chat, DMs, comments, community tools) could face stronger age-checking requirements for UK traffic, depending on how regulators classify the service.

Why it matters

Supporters frame it as child safety. Critics warn it could expand identity/age checks across the internet, including tools like VPNs that many people use specifically for privacy.

What happens next

These amendments still need to pass the next stages of the bill process and could be changed later. A further update is expected as the bill moves forward.

Update (January 2026): EU regulators have opened a formal inquiry into Grok/X under the Digital Services Act, Malaysia temporarily blocked Grok and later lifted the restriction after X introduced safety measures, and California’s Attorney General announced an investigation; researchers say new guardrails reduced—but did not fully eliminate—nudification-style outputs.

What this is about

The passage describes the Grok “nudify” controversy that erupted in late December 2025 and carried into January 2026. Grok, X’s built-in AI chatbot, could be prompted to create sexualized edits of real people’s photos—such as replacing clothing with a transparent or minimal bikini look, or generating “glossed” and semi-nude effects—often without the person’s consent.

Why did it become a major problem on X

The key difference from fringe “nudify apps” or underground open-source tools is distribution. Because Grok is integrated into X, users could generate these images quickly and post them directly in replies to the target (for example, “@grok put her in a bikini”), turning image generation into a harassment mechanic at scale through notifications, quote-posts, and resharing.

What researchers and watchdogs flagged

The text claims that once the behavior was discovered, requests for undressing-style generations surged. It also alleges that some users attempted to generate sexualized images of minors, raising concerns about virtual child sexual abuse material and related illegal content—especially serious given X’s global footprint and differing international legal standards.

The policy and legal angle the article is making

• X’s own rules prohibit nonconsensual intimate imagery and child sexual exploitation content, including AI-generated forms.
• In the U.S., the article argues the First Amendment complicates attempts to regulate purely synthetic imagery, while CSAM involving real children is broadly illegal.
• The TAKE IT DOWN Act is discussed as a notice-and-takedown style remedy that can remove reported NCII, but does not automatically prevent the same input image from being reused to generate new variants.

How X/xAI responded (as described)

The piece contrasts Musk’s public “free speech” framing with the fact that platforms still have discretion—and in many places, legal obligations—to moderate harmful content. It says X eventually introduced guardrails and moved Grok image generation behind a paid tier, but some users reported they could still produce problematic outputs.

If you paste the exact excerpt/source you’re using (or tell me the outlet), I can rewrite it in a cleaner, tighter “news brief” style while keeping the meaning and key dates.