US KIDS Act - A Checklist Is Not a Duty of Care
- Kirra Pendergast

- 7 days ago
- 5 min read

The U.S. House of Representatives passed H.R. 7757 on Monday 29th of June, the Kids Internet and Digital Safety Act. The KIDS Act pulls together the big child-safety proposals advocates have been fighting for — KOSA, COPPA 2.0, the SCREEN Act, the Safer GAMING Act, the SAFEBOTs Act — into one package. It brings default-on safety settings, real tools for parents, limits on the kind of targeted advertising that treats children like data points, new disclosure rules for chatbots, crisis resources built into the places kids actually go for help, and an expanded definition of personal information that finally includes biometric data. These are not small things. They are overdue, and I thank the bipartisan coalition who refused to let them die in committee.
But......
The version the House passed says, in its own text, that its harms-mitigation requirements do not impose a duty of care on the platforms. And I need you to understand why that single line matters so much to all of us.
A duty of care is the difference between a company asking “did we check the boxes?” and a company asking “is a child going to be hurt by what we built?” It’s the difference between a safety setting existing somewhere in a menu and a company being genuinely responsible for the foreseeable consequences of its own design.
The earlier KOSA standard, the one Senators Blumenthal and Blackburn authored, the one the Senate itself passed in the last Congress, required platforms to exercise reasonable care to prevent harm baked into how their products work. This new House version steps back from that. And a checklist, no matter how long, is not the same as accountability.
I’ve spent enough time inside the machinery of this world to know exactly what happens next if we let this stand. A company will satisfy every itemized requirement on the list, point to the paperwork, and keep running the same algorithms that pull a vulnerable fifteen-year-old deeper into content that harms her, because nothing on the list said they couldn’t.
There are other doors left open, too. Survivor families and child-protection advocates have flagged them, and they’re right to. The bill can’t be allowed to quietly let companies off the hook through age-knowledge loopholes, the “we didn’t know she was a minor” defence, or through technical carveouts and design choices that route around the very protections we are all fighting for. And I keep coming back to one line in the fine print that I refuse to accept, the implication that childhood, online, ends at thirteen.
It doesn’t. A thirteen-year-old is a child. So is a seventeen-year-old. Teenagers are precisely the age group living most fully inside AI companions, recommendation feeds, games, and messaging apps and they are precisely the ones exposed to manipulative data practices, sexual exploitation, sexual extortion, and AI-driven harms we are only beginning to name. Any law that protects children only until their thirteenth birthday and then shrugs has misunderstood what a childhood is. The harms this bill names are narrower than in earlier drafts. The mental health categories, anxiety and depression, that were once written in have quietly fallen out. Those belong back in the text.
Why the KIDS Act matters far beyond Washington
In Australia, and in every country watching this debate — it would be easy to read “a U.S. bill” and turn the page. Don’t.
What Congress writes into this law will land in Australian bedrooms, British classrooms, and European playgrounds, because the companies it governs are the same handful of companies that shape childhood everywhere.
Almost all of the platforms our kids live inside are built and headquartered in the United States. When American law forces a change to how a product is designed, an algorithm, a default setting, an age-assurance system, the cheapest thing for a global company to do is usually to build it once and ship it worldwide. Strong U.S. rules quietly raise the floor for children in Sydney and São Paulo. Weak, checkbox-style U.S. rules do the opposite because they hand every platform a ready-made template for the least they can get away with, and a lobbying script to wave at every other government that tries to ask for more.
And a lot of governments are asking for more. Australia’s social media age restrictions are now in effect, requiring age-restricted platforms to take reasonable steps to prevent Australians under 16 from creating or keeping accounts (eSafety Commissioner). In the UK, the Online Safety Act child safety regime has already moved into implementation, and the government has now announced a further under-16 social media ban to be brought forward through regulations under powers in the Children’s Wellbeing and Schools Act, with protections expected to come into force in Spring 2027 (GOV.UK). The UK package is designed to block social media companies from offering services to under-16s, restrict harmful functions such as livestreaming and stranger communication across a wider range of services including gaming, require stronger age assurance, and set an 18-plus threshold for AI “romantic companion” chatbots designed to simulate sexual relationships or roleplay (GOV.UK).
The European Commission’s 2025 DSA minors guidance now explicitly addresses recommender systems, addictive design features, screenshots, streaks, autoplay, push notifications, AI chatbots, and age assurance (European Commission). The EU AI Act’s AI literacy obligation entered application on 2 February 2025, with national supervision and enforcement beginning in 2026 (European Commission).
The direction is clear. Digital safety is no longer a poster, a pastoral lesson, a parent talk, or a compliance appendix. It is an environment standard. It is a leadership discipline. It is, increasingly, a duty-of-care question. The rest of the democratic world has largely decided that “reasonable care” is the right standard. For the United States — home to the platforms themselves — to pass a law that expressly disclaims a duty of care would be a gift to every company hoping the global tide might turn back.
The harms don’t stop at any border, either. Sextortion rings target a teenager in Perth and a teenager in Phoenix with the same scripts. An AI companion doesn’t know or care which passport its user holds. When one major jurisdiction sets a serious, design-based standard, it becomes far harder for a platform to run a dangerous product anywhere. When it settles for a checklist, children everywhere inherit the loophole.
So this is my ask, and I’m making it directly to the Senate, please don’t let this become the watered-down version. You are so close. Restore the affirmative duty of care. Close the loopholes. Bring back the mental health harms. Make sure the protections reach every minor, in every corner of the internet where they actually spend their lives, not just the corners easiest to regulate. Do it knowing the whole world is watching.



Comments