Senate Bill 26-051 reflects that pattern. The bill does not directly regulate individual websites that publish adult or otherwise restricted content. Instead, it shifts responsibility to operating system providers and app distribution infrastructure.
Under the bill, an operating system provider would be required to collect a user’s date of birth or age information when an account is established. The provider would then generate an age bracket signal and make that signal available to developers through an application programming interface when an app is downloaded or accessed through a covered application store.
App developers, in turn, would be required to request and use that age bracket signal.
Rather than mandating that every website perform its own age verification check, the bill attempts to embed age attestation within the operating system account layer and have that classification flow through app store ecosystems.
The measure represents the latest iteration in a series of Colorado efforts that have struggled to balance child safety, privacy, feasibility and constitutional limits.
As a parent, I wish someone would develop a cross platform, open source, parental control tool that preserves privacy while allowing for strong controls that are simple to use. The best I could come up with is a separate instance of Pihole that any device my kids use is linked to. It would be nice if there was a software option or something implemented in hardware that allowed parents to register the device with the user’s age (no identifying info). Laws could then be passed forcing certain websites and apps to reject any users under a certain age. The restrictions could automatically lift when the user reaches a predetermined age. I’m not an expert so there are probably aspects of this I haven’t thought through but it seems better than what has been implemented so far.
I’m not in IT and only have tangential knowledge, but I would think something like corporate internet control would work for this. I know my company has blanket access restrictions with the ability to modify them on an individual basis. But I haven’t the slightest idea how to implement that. I think all of my company device data goes through a tunnel.