The Age‑Appropriate Design Code (AADC) laws in the UK, California, Nebraska, and Vermont form a growing regulatory framework aimed at reshaping how online services design digital experiences for users under 18. Together, they reflect a shift from traditional notice‑and‑consent models toward privacy‑ and safety‑by‑design, requiring platforms to anticipate risks to children and build protections directly into product architecture. These laws share a common lineage in the UK’s pioneering Age‑Appropriate Design Code, but each U.S. state adapts the model to its own policy priorities and legal environment.
UK Age‑Appropriate Design Code (Children’s Code)
The UK’s Age‑Appropriate Design Code, issued by the Information Commissioner’s Office (ICO), is the original and most influential children’s design‑safety framework. It applies to any online service “likely to be accessed by children,” including social media, games, apps, connected toys, and streaming platforms.
Core features
- High‑privacy settings by default
- Data minimization and limits on profiling
- Prohibition on using children’s data in ways that are “detrimental to their wellbeing”
- Clear, child‑friendly privacy information
- Restrictions on nudge techniques and dark patterns
- Geolocation protections
- Mandatory Data Protection Impact Assessments (DPIAs) for child‑risk scenarios
The UK Code became a global reference point, inspiring California’s AADC and subsequent U.S. state laws.
California Age‑Appropriate Design Code Act (AB 2273)
California enacted the first U.S. AADC in 2022, modeled directly on the UK Code. Although enforcement is currently blocked by a federal court, the law remains highly influential.
Key elements
- Applies to online services “likely to be accessed by children” under 18
- Requires Data Protection Impact Assessments (called “Design Assessments”)
- High‑privacy defaults for minors
- Prohibits using children’s data in ways that are “materially detrimental”
- Limits on profiling, dark patterns, and behavioral nudging
- Restrictions on geolocation tracking
- Child‑friendly privacy notices
California’s AADC triggered a wave of similar bills across the U.S., even as litigation continues.
Nebraska Age‑Appropriate Online Design Code Act (Nebraska AADC)
Nebraska enacted its AADC on May 30, 2025, joining the growing group of states adopting UK‑style design‑safety laws.
Key elements
- Modeled on the UK and California frameworks
- Applies to online services likely to be accessed by minors
- Requires platforms to prevent children from viewing inappropriate content
- Establishes design‑stage obligations to reduce foreseeable risks to minors
- Reflects bipartisan concern about children’s online safety
Nebraska’s law is part of a broader trend of states adopting AADC‑style protections despite ongoing legal challenges to California’s version.
Vermont Age‑Appropriate Design Code Act (Vermont AADC)
Vermont enacted its AADC on June 12, 2025, becoming one of the newest states to adopt a UK‑style design code.
Key elements
- Closely aligned with Nebraska’s and California’s frameworks
- Requires platforms to assess and mitigate risks to minors
- Focuses on preventing exposure to harmful or inappropriate content
- Reflects a growing national movement toward child‑centric digital design
Vermont’s adoption signals that AADC‑style laws are expanding even as courts evaluate the constitutionality of earlier versions.
Cross‑jurisdiction comparison
Why these laws matter
- They establish design‑stage obligations, not just data‑handling rules.
- They expand protections to all minors under 18, not just children under 13 (as under COPPA).
- They require companies to anticipate and mitigate psychological, developmental, and safety risks.
- They are rapidly spreading across U.S. states, creating a new regulatory category of children’s online safety and design law.
- They influence global policy debates on youth safety, AI systems, and platform design.