Kids Online Safety Act (KOSA): 2025 Updates

First introduced in 2022, The Kids Online Safety Act (KOSA) is a proposed federal bill aimed at addressing the growing concerns surrounding the safety of children and teenagers online.

The bill introduces new regulations requiring online platforms to implement privacy and safety measures for children under 16 years old. It targets harmful features that encourage excessive internet use, restricts personalized recommendation algorithms, and limits the sharing of minors' personal information with other users. Key provisions include age-verification systems, content moderation protocols, and enhanced parental controls to create a safer online environment for minors.

However, the introduction of this bill has been met with controversy, as some argue that it could limit minors’ access to potentially vital resources and violate the First Amendment by imposing content moderation by the federal government.

“The Kids Online Safety Act will protect young people from harmful design and programming decisions, while explicitly safeguarding youth autonomy to explore online," says Laura Marquez-Garrett, Attorney at the Social Media Victims Law Center.

However, the Electronic Frontier Foundation (EFF), which opposes KOSA says: "KOSA is an unconstitutional censorship bill that gives the FTC, and potentially state Attorneys General, the power to restrict protected online speech they find objectionable."

The debate surrounding the KOSA bill highlights the delicate balance between safeguarding vulnerable young users and preserving the principles of a free and open internet.

KOSA's Key Provisions

These are the primary provisions that make up the current version of KOSA:

• Duty of care: Social media platforms are mandated to prevent and mitigate risks to minors, including exposure to content promoting self-harm, eating disorders, substance abuse, and sexual exploitation.
• Parental tools: Parents must be provided with tools to manage their children's online experiences, such as controlling privacy settings, monitoring screen time, and restricting purchases.
• Opt-out mechanism: Minors and their guardians are given the option to disable algorithmic recommendations, allowing for a more controlled and less manipulative online environment.
• Data protection: The Act enforces stricter safeguards for minors' data, building upon existing protections to ensure enhanced privacy for users under 13.
• Transparency and reporting: Social media platforms are required to publish annual reports detailing potential harms to minors and the measures implemented to address these issues.
• Independent audits: Regular third-party audits are mandated to assess platforms' compliance with safety standards and their effectiveness in protecting minors.
• Age verification study: The act calls for a comprehensive study to evaluate age verification technologies and their implementation to prevent underage access to certain online services.
• Establishment of the Kids Online Safety Council: A council comprising parents, platform representatives, and federal agencies will be formed to advise on the Act's implementation and ongoing improvements.

Recent KOSA Updates 

KOSA saw significant legislative activity through the second half of 2024. In July, the US Senate passed an amended version of the bill with overwhelming bipartisan support with a vote of 91-3.

Following this, in September 2024, the House Committee on Energy and Commerce advanced its own version of KOSA, introducing modifications to the "duty of care" provisions to address concerns about First Amendment implications. But disagreements led to delays, and the bill did not reach a full House vote before the end of the 118th Congress. Senator Richard Blumenthal has expressed intentions to reintroduce the bill in the current 119th Congress.

In December 2024, X (formerly Twitter) collaborated with Senators Richard Blumenthal and Marsha Blackburn to negotiate updated text for KOSA, hoping to alleviate Republican apprehensions regarding potential censorship. However, organizations like the Electronic Frontier Foundation have criticized these revisions, asserting that the bill still poses risks to free speech and privacy rights.

KOSA was a candidate for inclusion in the 2024 end-of-year spending package, a common strategy used to advance significant bipartisan legislation without requiring a separate vote. However, KOSA was ultimately excluded from the final package, delaying its enactment. This setback can be attributed to a combination of factors, including intense lobbying from tech companies and concerns from digital rights advocates. Despite strong bipartisan support and growing public concern over online safety for children, KOSA must now navigate the legislative process independently or be reintroduced in future spending or supplemental bills.

Will KOSA Be Effective?

The current KOSA proposal, while a step in the right direction, falls short. Currently, the bill lacks significant penalties for non-compliance, which could weaken its impact. Without clear consequences, social media platform may deprioritize compliance, limiting the bill's ability to create safer online environments.

Additionally, KOSA does not include a private right of action, which would empower victims and their families to sue platforms directly for failing to meet safety standards. This omission reduces legal accountability and shifts enforcement solely to regulatory agencies, which may lack the resources to pursue every violation.

While the bill would allow the Federal Trade Commission to sue apps and websites that don’t take measures to restrict young people’s access to harmful content, this alone is not enough. To truly do the future justice, and keep minors safe online, we must advocate for a regulatory framework that not only addresses current challenges but is also agile enough to adapt to the unforeseen complexities of the digital age.

KOSA is Not the First Law Attempting to Protect Kids Online

While KOSA seeks to address new forms of digital harm, it is not the first attempt to regulate how children interact with the internet. That distinction belongs to the Children’s Online Privacy Protection Act (COPPA), a law passed more than two decades ago, which the FTC has been attempting to modernize.

KOSA and COPPA share a common goal: protecting children in digital environments. COPPA, enacted in 1998, focuses on safeguarding the personal data of children under 13, while KOSA aims to expand protections to users under 16 by addressing design harms and algorithmic targeting. Both reflect growing recognition that existing frameworks have not kept pace with how kids and teens engage online.

Another commonality they share is that, like many federal initiatives, both face significant delays. Despite momentum, COPPA’s proposed amendments remain stalled due to political disagreements and shifts in leadership.

This Might Interest You:

• Pen Register Cases: Redefining Privacy Under CIPA
• Amazon's 'Just Walk Out' Tech Faces BIPA Lawsuit
  
• The VPPA Lawsuit Wave: Old Laws Meet New Tech