[wp-trac] [WordPress Trac] #65093: Age Assurance Framework for WordPress

WordPress Trac noreply at wordpress.org
Fri Apr 17 18:27:08 UTC 2026 

#65093: Age Assurance Framework for WordPress
-----------------------------+-----------------------------
 Reporter:  telizarose       |      Owner:  (none)
     Type:  feature request  |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Administration   |    Version:
 Severity:  normal           |   Keywords:
  Focuses:                   |
-----------------------------+-----------------------------
 == Summary ==
 Add standardized hooks and infrastructure to support age-aware user
 experiences and regulatory compliance

 == Problem Statement ==

 Age assurance is becoming a baseline requirement for digital products.
 Across the U.S., a patchwork of state laws now mandates age verification
 or age-based restrictions:

 * '''California Digital Age Assurance Act (AB 1043)''' (effective January
 2027) – Enables standardized age signals from operating systems to
 applications
 * '''California Age-Appropriate Design Code (AB 2273)''' – Requires
 services likely used by minors to assess age and mitigate harm
 * '''Protecting Our Kids from Social Media Addiction Act (SB 976)''' –
 Mandates age-based restrictions on feeds and engagement features
 * '''App Store Accountability Acts''' – Shift responsibility to developers
 for age verification and parental controls
 * '''Texas HB 1181''' – Requires age verification for access to certain
 online content (upheld by U.S. Supreme Court)
 * '''Additional states''' (Utah, Louisiana, Florida, Arkansas, Tennessee,
 Virginia, Wyoming, and others) – Impose age verification or age-based
 restrictions on content, social media, or app usage

 Collectively, roughly '''25+ states''' have passed age verification laws
 in some form, with more legislation pending. Federal policymakers are
 actively exploring similar requirements.

 ==== The Gap ====

 Despite this regulatory shift, WordPress lacks:

 1. A standardized way to receive or interpret age signals (from operating
 systems, browsers, or third parties)
 2. A unified model for age-based policy enforcement across plugins,
 themes, and APIs
 3. A consistent mechanism to support developers in meeting regulatory
 expectations

 Currently, age handling in WordPress is fragmented, inconsistent, and
 largely dependent on isolated plugin logic or manual site-owner
 implementation. This creates:

 * '''Compliance risk''' for site owners unable to implement trusted,
 auditable age systems
 * '''Developer burden''' – Every implementation reinvents the wheel
 * '''Ecosystem weakness''' – WordPress will lacks standardized age signals
 soon to be required for end users

 == Proposed Solution ==

 WordPress should provide standardized infrastructure—not mandate policy—to
 enable the ecosystem to build trustworthy, compliant age-aware solutions.

 This includes:

 1. '''Age context as first-class user data''' – Standardized metadata
 structure for age-related signals and verification state
 2. '''Extensible hooks''' – Entry points for plugins to receive, validate,
 and enforce age-based policies
 3. '''REST API alignment''' – Age context accessible and enforceable in
 API workflows
 4. '''Audit trail support''' – Standardized logging mechanism for
 compliance and accountability

 == User Stories ==

 === Story 1: Site Owner Can Receive and Track Age Signals ===

 '''As a''' site owner
 '''I want to''' receive age verification signals from external sources
 (OS, browser, third-party providers)
 '''So that''' I can implement age-aware experiences without building
 verification from scratch

 === Story 2: Developer Can Build Age-Based Access Control ===

 '''As a''' plugin or theme developer
 '''I want to''' enforce age-based access rules on content and features
 '''So that''' site owners can comply with age-awareness regulations
 without hardcoding policies

 === Story 3: Developer Can Log Age-Related Events for Compliance ===

 '''As a''' compliance or logging plugin developer
 '''I want to''' capture when age signals are received and when access is
 granted/denied based on age
 '''So that''' site owners have an auditable trail for regulatory
 compliance

 === Story 4: REST API Respects Age Context ===

 '''As an''' API client
 '''I want to''' receive age-aware responses and permission errors from
 REST endpoints
 '''So that''' I can build age-gated experiences on mobile apps, headless
 frontends, etc.

 == Why This Matters Now ==

 1. '''Regulatory acceleration:''' Laws are passing faster than plugins are
 developing unified solutions. Core support prevents future fragmentation.

 2. '''Competitive parity:''' iOS 17+, Android, and web browsers are
 already standardizing age signals. These regulations will increase this
 need across more platforms. WordPress needs to participate in this shift.

 3. '''Ecosystem efficiency:''' Plugins should focus on policy and UX, not
 infrastructure. Core hooks enable this separation.

 4. '''Trust and compliance:''' Site owners need an auditable, platform-
 level approach to age handling, not ad-hoc plugin combinations.

 5. '''Future-proofing:''' As federal regulations emerge, WordPress sites
 with standardized age infrastructure will adapt faster than those with
 fragmented implementations.

 == Out of Scope ==

 This ticket is '''not''' proposing:

 * Age verification services or APIs (plugins provide these)
 * Specific age-based policies (plugins and site owners decide)
 * Content filtering or blocking (core provides hooks; plugins enforce
 policy)
 * Changes to authentication or login flow
 * New user roles or capabilities (leverage existing system)
 * Breaking changes to existing functionality

 == References ==

 === Federal ===
 * [https://www.congress.gov/bill/118th-congress/senate-bill/1291 U.S.
 Senate: Kids Online Safety Act (KOSA) - Bipartisan bill addressing age
 verification and youth online safety]

 === California ===
 *
 [https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202320241043
 California AB 1043 (Digital Age Assurance Act)] – Effective January 1,
 2027
 *
 [https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202320242273
 California AB 2273 (Age-Appropriate Design Code)] – Age assessment and
 design standards for minors
 *
 [https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202320240976
 California SB 976 (Protecting Our Kids from Social Media Addiction Act)] –
 Age-based feed/engagement restrictions

 === Texas ===
 *
 [https://capitol.texas.gov/BillLookup/History.aspx?LegSess=88R&Bill=HB1181
 Texas HB 1181] – Age verification for adult content; upheld by U.S.
 Supreme Court

 === Other States (Sample) ===
 * '''Utah''' – HB 296 (Age Verification for Adult Content)
 * '''Louisiana''' – HB 1 (Online Age Verification Requirements)
 * '''Florida''' – HB 1 (Age Verification for Social Media)
 * '''Arkansas''' – HB 1939 (Age Verification Requirements)
 * '''Tennessee''' – HB 1414 / SB 1117 (Age Verification for Minors)
 * '''Virginia''' – SB 427 (Parental Notification and Age Verification)
 * '''Wyoming''' – HF 0073 (Age Verification for Age-Restricted Services)

 === Industry Standards & Platforms ===
 * [https://www.apple.com/child-safety/ Apple Privacy-Preserving Age
 Signal] – iOS 17+, macOS Sonoma+
 * [https://developer.android.com/docs/quality-guidelines/core-app-quality
 Google Play App Age Rating] – Android age assurance ecosystem
 * [https://www.ncsl.org/technology-and-communications/age-verification-
 privacy-and-safety-online National Conference of State Legislatures (NCSL)
 Age Verification Tracking]

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/65093>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list