South Carolina’s Age-Appropriate Code Design Act (the “Act”) was signed into law with immediate effect on February 5, 2026, with no time for covered online services to develop the mechanisms to ensure compliance with the Act. Companies that provide “covered online services” should be aware of these new requirements and the significant penalties that may be imposed if the Act is not enjoined by courts.
The Act contains unique risks and requirements, including personal liability for employees and officers of covered services, allowing parents to access minors’ communications, and submission of third-party audit reports for public review. Covered services are more likely to pull services than comply with the Act as it currently stands.
Ambiguous but Sweeping Jurisdiction
The Act applies to a “covered online service”, which is defined as (i) an entity that does business in the state, (ii) is reasonably likely to be accessed by minors, (iii) determines the purposes and means of processing a consumer’s personal data, and (iv) either (A) has an annual gross revenue in excess of $25,000,000 (adjusted every odd-numbered year to reflect inflation), or (B) annually buys, receives, sells, or shares the personal data of 50,000 or more consumers alone or in combination with its affiliates, or (C) derives at least 50% of its annual revenue from selling or sharing a consumer’s personal data. “Consumers” are not defined and it is unclear if the 50,000 consumers must be South Carolina residents. This ambiguity in the jurisdiction threshold could require online service platforms comply with the Act if they are available to South Carolina residents, have more than 50,000 consumers nationwide and are reasonably likely to be accessed by minors.
South Carolina’s “reasonably likely” to be accessed by minors standard means a covered online service has (among other factors) actual knowledge that the individual is a minor or the covered online service is “directed to children” as defined by the federal Children’s Online Privacy Protection Act (“COPPA”).Unlike COPPA, which defines minors as children under 13 years of age, the Act expands the definition of minors to anyone under 18 years of age. Many services that allow users above 13 years of age would therefore be subject to the Act.
The Act’s Design Safety Feature Requirements
A covered online service must:
-
Exercise reasonable care when using a minor’s data and when designing the platform to prevent harm to minors, including compulsive usage of the service, severe psychological harm (including anxiety, depression, self-harm or suicidal ideations), severe emotional distress, identity theft, discrimination, and financial or physical injury.
-
Make available to all South Carolina residents (whether or not a minor) easily accessible and easy-to-use tools to (i) disable features that encourage time spent on a platform (such as infinite scroll, auto-playing videos, gamification, a visible count of likes or comments, notifications or push alerts, in-game purchases, or appearance altering features), (ii) limit the amount of time spent on the covered online service, (iii) limit the financial value of purchase, (iv) block interactions from other users who are not part of a minor’s existing network, (v) restrict the visibility of the minor’s account, (vi) block the visible count of likes or comments, (vii) disable search engine indexing of a user’s account, (viii) prohibit others from viewing the user’s connections, and (ix) restrict the visibility of the user’s location. The covered online service must turn these features on by default for any known minor.
-
Only collect, use or share the minimum amount of a minor’s personal data necessary to provide the covered online services. The minor’s personal data cannot be used for any reason other than those for which is was collected. This includes a explicit prohibition on facilitation of targeted advertising to minors.
-
Not collect precise geolocation of a minor by default and an obvious notice must be provided when precise geolocation is being collected or used.
-
Not profile a known minor unless necessary to provide the service the minor has knowingly requested.
-
Provide parents accessible and easy-to-use tools to manage the minor’s account settings, change and control the minor’s privacy and account settings, and restrict the minor’s purchases and financial transactions. Parents must also be able to see the amount of time the minor spent on the covered online service and allow the parent to place limits on the time spent.
-
Provide obvious notice to a minor if the minor is being monitored by any parental monitoring features.
-
Establish a means for parents, minors and schools to report harm to minors.
-
Not facilitate ads directed to minors for products prohibited for minors, including drugs, tobacco, gambling and alcohol.
-
Not use “dark patterns”, which will be deemed an unlawful trade practice under South Carolina’s Unfair Trade Practices Act and subject to the penalties available under such act. Dark patterns are interfaces designed to have the effect of subverting or impairing a user’s autonomy, decision making or choice.
-
Provide clear, conspicuous and easy-to-understand information about how the systems provide information to minors, the design safety and privacy protection features for minors and how minors and parents can control the systems and utilize the design safety and privacy protection features.
Annual Audit and Reporting Requirements
Covered online services must allow an independent auditor to draft a public report reviewing the covered online service’s design features, use of personal data and business practices related to minors conducted. The public report must then be submitted to the South Carolina Attorney General for public review by July 1. Given the immediate effect of the Act, the first such report is due July 1, 2026.
Enforcement and Personal Liability
The Act does not provide a right to cure. While the Act relies on enforcement from the Attorney General, violations can result in treble damages and officers and employees can be held personally liable for “wanton or willful” violations. As noted above, use of dark patterns also will result in liability under South Carolina’s Unfair Trade Practices Act.
Rapid Challenges to the Constitutionality of the Act
The Act has already been challenged by NetChoice, a trade association for internet companies and social media platforms, who has previously brought claims against California and Maryland’s Age-Appropriate Design Code Acts. Maryland’s law remains in effect but is proceeding to discovery. As in its challenge to the Act, NetChoice claims that Maryland’s and California’s laws violates the First Amendment, Fourteenth Amendment and is preempted by federal law.A district court in California found that the California Age-Appropriate Design Code likely violates the First Amendment, although that ruling is currently under review by the United States Ninth Circuit Court of Appeals.
