The 5th Circuit’s May 28 stay in Computer & Communications Industry Association v. Paxton put Texas SB 2420 back on the books, at least for now. A federal district judge had blocked the law in December 2025, writing that it likely violated the First Amendment as an unconstitutional content-based restriction. The 5th Circuit didn’t explain its reasoning. It just lifted the block while the panel decides whether to keep it lifted.
That ambiguity is the entire problem for compliance teams. Utah, Texas, Louisiana, and Alabama — Alabama’s HB 161 signed in February — all now require app stores to verify account-holder ages and transmit “age signals” to developers, who must then manage minor access and implement safety features. Moving fast on implementation burns budget that could wash out if courts strike these laws down. Sitting still risks liability if they survive.
The Future of Privacy Forum’s comparison chart published this week maps where the four laws diverge, and the enforcement gap is the sharpest fault line. Utah relies solely on a private right of action. Texas’s law only gets a PRA through an incorporated reference to the state’s Deceptive Trade Practices Act. Louisiana is the only state without a PRA entirely. That’s three different litigation exposure profiles under broadly similar age-signal obligations.
The constitutional case against ASAAs is exactly the read-across risk the broader app-store industry should be stress-testing now. If the 5th Circuit ultimately vacates the stay and the district court’s First Amendment analysis holds, it creates a persuasive blueprint for challengers in Utah and Louisiana courts, and potentially stalls Alabama’s effective date before it ever triggers.
Worth auditing your age-signal integration roadmap before the 5th Circuit issues its merits ruling later this year.
Rebecca Lauren