Colorado Signs Device-Level Age-Check Law (SB26-051)

Colorado Governor Jared Polis signed SB26-051, the Age Attestation on Computing Devices Act, on June 3, 2026. The law pushes online age checks down to the device operating system, requiring providers such as Apple, Google, and Microsoft to pass an age-bracket signal to apps rather than asking each website to collect an uploaded ID. It takes effect January 1, 2028.

Information last verified on June 9, 2026. This is a developing story; we update it as the record changes.

Jurisdiction scope: This article addresses Colorado Senate Bill 26-051 and the age-attestation duties it creates for operating-system providers and app developers under Colorado law. It does not state the age-verification or privacy law of other states. For Colorado privacy law generally, see Colorado data privacy laws.

What Happened

On June 3, 2026, Governor Jared Polis signed Senate Bill 26-051, the Age Attestation on Computing Devices Act, into law. The Senate sponsors were Matt Ball and Larry Liston, and the bill carried bipartisan support through both chambers before reaching the governor's desk. The measure does not require websites to collect government identification. Instead, it places the age determination at the device layer and routes a limited age signal to the apps a user opens.

The law sets a phased timeline. Its substantive duties take effect January 1, 2028, and because the legislature passed it without a safety clause, the effective date is subject to a possible referendum petition under Colorado law. Supporters frame the bill as a privacy-protective way to help apps identify minors without forcing every user to hand identity documents to every site they visit.

What the Law Actually Says

SB26-051 places the first obligation on operating-system providers, the companies that run the software on phones, tablets, and computers. At account setup, a provider must offer an accessible interface for the account holder to indicate a birth date, age, or age bracket for the device's user. The provider then translates that information into age brackets and makes an age-category signal available to app developers through a reasonably consistent, real-time application programming interface.

The second obligation falls on app developers. A consumer software application accessed through a covered app store must request the age signal when the app is first launched or when a user first creates an account, so the developer can determine the user's age range, including whether the user is a minor. The statute limits what both sides may do with the data: an operating-system provider or developer may not share the age data with third parties, and may not collect any data that is not directly related to determining the age range.

Enforcement runs through the Colorado Attorney General. The civil penalty is up to $2,500 for each minor affected by a negligent violation and up to $7,500 for each minor affected by an intentional violation, assessed in a civil action brought by that office. Colorado already raised the floor for minors' data when SB24-041 amended the Colorado Privacy Act, codified at Colo. Rev. Stat. 6-1-1301 and following, effective October 1, 2025. For that framework, see Colorado data privacy laws and the state's biometric privacy rules.

Analysis: Why This Matters

The following is analysis from the Recording Law Editorial Team.

The notable feature of SB26-051 is where it puts the age check. Many of the age-verification laws states passed over the last two years put the burden on the website: visit a covered site, upload a government ID or pass a third-party check, then gain access. That model has drawn repeated First Amendment challenges. Colorado instead routes the signal through the device operating system, so an app receives an age category rather than a copy of an identity document. This is the same architecture Illinois adopted in its 2026 device-signal bill, and a close cousin of the app-store account model in Texas.

The constitutional backdrop is real. In Free Speech Coalition v. Paxton, 606 U.S. 461 (2025), the U.S. Supreme Court applied intermediate scrutiny and upheld a Texas law requiring age verification for sexually explicit content, which gave states room to legislate in this space. Laws that regulate how minors experience general-audience apps sit on different footing than laws gating access to explicit material, and several have faced their own court challenges. We are not predicting how any challenge to the Colorado approach would resolve. What is clear is that the device-signal design is a deliberate attempt to deliver age assurance with a smaller data footprint, and that the major operating-system providers, not just individual websites, are now the parties on the hook.

How This Affects You

If you are a parent in Colorado, the law is built around an age tied to the device account, so the age set on a child's device would drive the age signal that apps receive. If you are an older teenager, the operating-system signal reports an age category rather than your full identity. These are general descriptions of how the law is structured, not advice about any particular family's situation.

If you build apps or operating systems, the threshold questions are whether you are a covered provider or developer and what the January 1, 2028 timeline requires of your account-setup flow and your age-signal handling. A general summary is not a substitute for a close read of the enacted text and advice from a Colorado-licensed lawyer where the stakes warrant it. Enforcement here runs through the Attorney General, not private lawsuits.

This is general legal information, not legal advice. It covers Colorado Senate Bill 26-051 as signed and reflects sources verified on June 9, 2026. Laws change and this story is developing; consult a lawyer licensed in your jurisdiction about your specific situation.

---

Related articles

• Colorado data privacy laws: the CPA and your rights
• Texas app store age-verification law (SB 2420)
• Illinois device-level age-assurance bill (HB 5511)
• Iowa age-verification law (HF 864)

---

Last updated: 2026-06-09. This is a developing story; details verified as of June 9, 2026.