Within the next week, Congress is preparing to vote on the **KIDS Act**, a sprawling package of legislation that seeks to control Americans’ web browsing and private messaging. The package includes a revised version of the **Kids Online Safety Act**, or **KOSA**, combined with a collection of other internet bills, study bills, reporting requirements, and new regulations. Instead of debating any of these proposals on their merits, lawmakers are attempting to move them all at once under an ultra-expedited process. The cobbled-together bills present a complex and potentially legally risky landscape for online services, with varying age-gating schemes and standards. Many companies may conclude that the safest option is to implement restrictive age-checking practices across their entire platforms. Buried inside the **KIDS Act** are provisions that will push online services to verify all users’ ages, require government-directed moderation policies for online speech, and even create new rules about private and encrypted communications. While supporters claim this bill protects minors online, its requirements come at the expense of privacy, free expression, and the ability of people of all ages to use the internet without revealing sensitive data. ### The KIDS Act Pressures Platforms to Check Everyone's Age Supporters of **KOSA** have stated the bill doesn’t require age verification. And technically, the **KOSA** section of the bill does say that **KOSA** shouldn’t be read to require age verification. However, a closer look at the rest of the bill reveals this disclaimer may be hollow. Throughout the **KOSA** section of the legislation, special protections, controls, messaging settings, and parental tools are required whenever a website or app “knows or should have known” a user is a child (defined in the bill as anyone under 13) or a teen (defined as anyone between 13 and 16 years old). The problem lies in the “knows or should have known” standard, a low, negligence-style threshold. If an online service makes a mistake, it will be up to courts and regulators to decide, after the fact, if an online service “should” have known a user was 16. To avoid liability, services will be compelled to determine users' ages. This will likely involve collecting more information, potentially through driver's licenses, passports, or age-estimation systems. Existing age-estimation systems are known to be inaccurate, particularly for children, and disproportionately fail for people of color, people with disabilities, and trans and nonbinary individuals. The bill’s authors appear to be aware of this inherent contradiction: on one hand, **KOSA** states age verification is not required; on the other, it repeatedly imposes obligations that depend on knowing a user's age. This disclaimer does not eliminate legal risk, especially for smaller services and startups unable to defend costly lawsuits or regulatory actions. ### The "KIDS Act" Is an Age Surveillance Bill **KOSA** is not the only part of this package creating pressure for age verification. The **SAFE BOTS Act**, similar to **KOSA**, uses the “knows or should have known” standard to restrict certain chatbot features for minors. The **SCREEN Act** requires services hosting sexually explicit content to determine whether users are “more likely than not” under the relevant age limit before granting access. The consequences of this liability will extend beyond minors. If websites and apps are expected to reliably identify teenagers, adults will inevitably be asked to prove their age, resulting in a less private internet for everyone. ### The KIDS Act Pressures Platforms To Police Lawful Speech The new version of **KOSA** removes the bill’s infamous "duty of care" provision, a significant change. However, the revised **KOSA** still requires covered platforms to "establish, implement, maintain, and *enforce*" policies and procedures addressing several categories of content and conduct. While some categories, such as true threats and sexual exploitation, involve unlawful activity, others are much broader. The bill specifically requires policies addressing the "sale or use" of narcotic drugs, tobacco products, cannabis products, gambling, and alcohol, as well as discussions around financial fraud. This raises concerns about the policing of lawful speech. Can teens discuss addiction and recovery? Can a 15-year-old post about a friend drinking too much, seek advice about a parent’s gambling problem, or get help after being scammed? Can they participate in harm-reduction communities or discuss substance abuse treatment? All of these young people would be engaging in lawful speech on topics covered by **KOSA**’s enumerated harms. The bill does not directly ban these conversations, but it places immense pressure on platforms to create and enforce moderation policies around broad categories of lawful speech. Faced with legal risk, many services will inevitably choose to remove or restrict such discussions to adult-only spaces, leading to increased censorship. ### The KIDS Act Regulates Private Messages, Too Several provisions of the bill create new rules around direct messages, disappearing or “ephemeral” messages, and AI chat services. The bill includes language stating that certain **KOSA** requirements should not be construed to override strong encryption. However, this protection is incomplete. The carve-out applies to certain features and messaging controls, but not to **KOSA**’s separate requirement that platforms "address" a list of harms to minors. The **KIDS Act** fails to answer a critical question: how can a platform address activities within encrypted communications it cannot read? This will inevitably create pressure for providers to weaken private communications or limit features on encrypted private services. This approach is particularly troubling for ephemeral messaging. Disappearing messages are not a “loophole” or a dangerous design trick; they are a useful privacy feature that allows online conversations to function more like ordinary real-world interactions, which are not permanently recorded. Like many other parts of the **KIDS Act**, these private messaging provisions also depend on websites and apps knowing who is a minor and who is not. The result is more age checks, more restrictions, and less privacy online for everyone.