For three years, age-verification compliance in the United States has meant tracking a moving target: a patchwork of state laws, each with its own scope, its own verification standards, and its own litigation history. The SCREEN Act — the Shielding Children’s Retinas from Egregious Exposure on the Net Act, introduced in the 119th Congress as S.737 in the Senate and H.R.1623 in the House — proposes to lay a federal mandate across that patchwork. It would require online platforms that host or profit from content harmful to minors to deploy “technology verification measures” to keep minors out, explicitly outlaw the “click here if you’re 18” self-attestation that has been the industry default for decades, and put enforcement in the hands of the Federal Trade Commission.

For compliance teams, a federal age-verification statute is a different kind of obligation than another state law. It establishes a national floor, changes the litigation landscape, and forces a set of design decisions — about verification technology, data retention, and VPN handling — that carry both regulatory and constitutional risk. This article walks through what the bill requires, how it interacts with the existing state regime, and what to do now whether or not it becomes law.

What the SCREEN Act Requires

The bill is narrowly targeted by subject matter but broad in its technical demands. Its core provisions:

A real verification mandate. Covered platforms must “adopt and utilize technology verification measures” to ensure that users are not minors before granting access to content that is harmful to minors. The verification must actually work — the statute is built around the premise that meaningful age assurance, not a checkbox, is the standard.

A ban on self-attestation. The bill explicitly prohibits relying on a user simply clicking a button to assert they are over 18. This is the single most consequential operational change: the entire legacy model of “I am 18 or older — Enter” is rendered non-compliant on its face.

Transparency about the method. Platforms must publish the verification process they use, exposing their age-assurance method to public and regulatory scrutiny.

VPN and proxy coverage. In a provision that addresses the most common circumvention tactic, the bill requires platforms to subject users’ IP addresses — including known VPN and proxy IP addresses — to the verification measures, unless the platform determines the user is located outside the United States. This is a direct response to the documented surge in VPN usage every time a state age-verification law takes effect.

Data security and minimization. Recognizing that mandatory age verification creates a honeypot of sensitive identity data, the bill requires covered platforms to maintain strong data security and to minimize retention of the personal information collected during verification. This is the statutory acknowledgment of age verification’s central tension: protecting minors requires collecting exactly the kind of data whose collection creates new privacy risk for everyone else.

FTC enforcement. The Federal Trade Commission is empowered to enforce the requirements, conduct audits, and issue guidance. Treating a violation as the FTC would treat an unfair or deceptive practice gives the mandate real teeth and a familiar enforcement architecture.

As of the 2025–2026 Congress, the House version (H.R.1623) has gathered a coalition of cosponsors and the bill exists in parallel Senate form. It has not been enacted, but it represents the most concrete federal age-verification framework to reach this stage.

Why a Federal Floor Matters: The Patchwork Problem

The SCREEN Act does not arrive on a blank slate. It would land on top of an increasingly dense and conflicting body of state law that we have tracked in detail, including the age-verification compliance patchwork across America’s state laws. More than a dozen states have enacted their own adult-content age-verification statutes, and others have pushed verification down to the app store or operating-system level.

A federal statute interacts with that patchwork in ways compliance teams need to think through carefully:

  • A national floor, not necessarily a ceiling. Unless a federal law expressly preempts state law, it typically sets a minimum that states can exceed. The SCREEN Act as drafted is not a preemption play; platforms could face the federal mandate and stricter or differently-scoped state requirements simultaneously.
  • One enforcer, many definitions. The FTC would enforce the federal standard, but “harmful to minors,” “covered platform,” and acceptable verification methods are defined differently across the states. Operationalizing a single verification flow that satisfies the federal rule and a dozen state rules is the hard engineering and legal problem.
  • A uniform technical baseline. The bill’s prohibition on self-attestation and its VPN-coverage requirement would, in practice, push the entire covered industry toward a common technical baseline — document-based or third-party age-estimation systems — regardless of which state a user sits in.

The Constitutional Cloud

No analysis of the SCREEN Act is complete without the First Amendment overhang. Age-verification mandates for protected (if adult) speech have been litigated repeatedly, with mixed and evolving results. Some state laws have been struck down as unconstitutional, while the Supreme Court’s more recent engagement with the question has signaled greater tolerance for age-verification requirements applied to material that is obscene as to minors. The legal terrain is genuinely unsettled.

For a compliance audience, the takeaway is not to predict the outcome but to understand the exposure. A federal mandate, if enacted, would itself be challenged, and its scope and verification standards would be tested against the First Amendment’s requirement that restrictions on protected speech be narrowly tailored and use the least restrictive means. The data-minimization and security provisions in the bill are partly a response to that doctrine: a verification regime that hoards identity data is both a privacy liability and a constitutional vulnerability, because it makes the restriction less narrowly tailored than it could be.

The Privacy Paradox at the Center

The SCREEN Act crystallizes the defining tension of the age-verification era. To prevent minors from accessing harmful content, platforms must verify the age of every user — which means collecting identity signals (government IDs, biometric age estimates, or third-party tokens) from adults who have a legitimate right to the content. Every such system becomes a repository of exactly the data that breaches are made of. The bill’s data-security and retention-minimization requirements are an attempt to defuse that paradox, but they do not eliminate it. They shift the compliance burden toward verification architectures that confirm “over 18” without retaining the underlying identity document — tokenized, double-blind, or on-device age-assurance models. This same paradox runs through children’s privacy law generally, from COPPA’s updated rule to the state social-media statutes.

What to Do Now

Whether or not the SCREEN Act passes this Congress, its direction of travel is clear, and the operational work it implies is work that the state patchwork already demands. Platforms that host, link to, or monetize adult or mature content should:

  1. Retire self-attestation as a primary control. The “click to confirm” model is already non-compliant under multiple state laws and would be explicitly barred federally. Plan its replacement now.

  2. Select a verification architecture that minimizes data. Favor methods that return a binary age signal and discard the underlying identity data — third-party age-assurance providers, tokenized credentials, or privacy-preserving age estimation — over systems that store ID scans. This serves the bill’s minimization mandate and reduces breach exposure.

  3. Plan for VPN and proxy handling. The bill’s inclusion of known VPN/proxy IPs in the verification net is a meaningful engineering requirement. Understand how your geolocation and IP-classification stack would need to change.

  4. Document and publish your method. Transparency about the verification process is a SCREEN Act requirement and is increasingly expected under state law. Build the public-facing description now.

  5. Lock down the verification data pipeline. Treat any identity data collected during verification as among your most sensitive holdings: encrypt it, minimize retention, restrict access, and assume it will be the first thing a regulator or plaintiff asks about after an incident.

  6. Track the federal-state interaction. Map where a federal floor would and would not displace your state obligations. Assume, for now, that you must satisfy both.

Conclusion

The SCREEN Act would convert a fragmented, state-by-state age-verification landscape into one anchored by a federal mandate, a federal enforcer, and a federal prohibition on the self-attestation model that the industry has leaned on for a generation. It does not resolve the constitutional questions that have dogged age verification, nor does it escape the privacy paradox at the heart of the project — but it does set a clear technical and legal direction. For compliance teams, the prudent posture is to treat the bill less as a prediction and more as a specification: it describes, with unusual clarity, where age-verification obligations are heading regardless of any single bill’s fate.

This article is provided for informational purposes only and does not constitute legal advice.