Navigating the New Era of Youth Digital Safety
The landscape of digital safety for minors is shifting beneath our feet. What began as a series of legislative proposals has rapidly evolved into a complex, global web of mandates, bans, and enforcement actions. For businesses operating online, “wait and see” is no longer a viable risk strategy.
At Myna, we are seeing a marked increase in organizations struggling to reconcile conflicting requirements across jurisdictions while maintaining a seamless user experience. To move past reactive panic and toward proactive resilience, we are launching a three‑part series exploring how a risk‑based, auditable approach to youth safety can become a durable business capability.
Part 1: The Global Landscape: How South Carolina’s Age‑Appropriate Design Code (AADC) reset compliance expectations in the U.S., and how global approaches are diverging.
Part 2: The Audit Blueprint: How to structure a defensible, risk‑based audit for “likely to be accessed by minors” products and features.
Part 3: Privacy by Design in Practice: How to operationalize youth safety using established privacy and governance frameworks.
Part 1: South Carolina’s AADC & the New Youth Safety Reality
The regulatory environment for youth digital safety has entered a decisive new phase. What was once dominated by proposed legislation and uncertain enforcement has become an active compliance landscape—defined by binding obligations, accelerated timelines, and increasing scrutiny of product design itself.
For organizations operating online, particularly those with general‑audience services, youth safety is no longer a niche compliance issue. It is rapidly becoming a board‑level product governance concern.
A Turning Point for U.S. Youth Safety Regulation
Youth digital safety regulation in the United States has historically moved slowly—often tempered by litigation risk, industry pushback, and extended implementation timelines. South Carolina’s enactment of HB 3431, the South Carolina Age‑Appropriate Design Code (SC AADC) marks a departure from that pattern.
By making the law effective immediately upon enactment, South Carolina eliminated the informal grace periods companies have come to expect from technology regulation. In doing so, the state sent a clear signal: youth safety obligations are no longer aspirational norms—they are enforceable requirements.
Who the SC AADC Applies To
The SC AADC applies to any online service, product, or feature likely to be accessed by a minor under 18, regardless of whether the service is explicitly directed at children. In practice, this could include:
- General‑audience platforms with known youth usage
- Social media, gaming, and creator monetization tools
- E‑commerce, content, and recommendation‑driven services
- Mobile apps, connected devices, and AI‑driven personalization systems
Critically, the law shifts the burden of proof. If a company cannot credibly document why a minor is unlikely to access a feature, regulators may presume that the feature falls within scope.
What the SC AADC Actually Requires
While the statute includes familiar themes from other Age‑Appropriate Design Codes, its enforcement posture and what it demands operationally sets it apart.
A Note on Ongoing Litigation
Although the SC AADC is currently being challenged in federal court by NetChoice, and enforcement timelines could ultimately be affected by judicial rulings, the law remains in effect unless and until a court enjoins it.
1. Immediate Compliance Obligations
There is no phased rollout under the SC AADC. Existing products and features are subject to enforcement the moment the law takes effect.
This means:
- Legacy features must be assessed alongside new releases
- Internal assessment alone is insufficient without documentation
- Legal, product, and engineering teams must work concurrently
From a risk perspective, the SC AADC compresses the distance between legal interpretation and product execution.
2. Restrictions on Addictive & Engagement‑Driven Design
The law explicitly prohibits certain engagement‑optimizing design mechanisms for minors, including infinite scroll and autoplay.
However, enforcement will not turn on labels alone. Features that produce similar behavioral effects—such as algorithmic amplification, streaks, variable‑reward notifications, or opaque ranking systems—are likely to receive comparable scrutiny.
A narrow, literal reading of the statute is unlikely to survive regulatory review.
3. Protective Defaults & Parental Controls
For known minors, the SC AADC requires that parental monitoring and safety features be enabled by default.
This introduces complex design questions:
- How is a “known minor” identified without invasive verification?
- How are defaults enforced across sessions and devices?
- How are parental safeguards balanced against teen autonomy?
These questions are not merely legal; they are product governance decisions that must be justified and documented.
4. Mandatory Independent Audits
Beginning July 1, 2026, covered organizations must submit an annual, independent third‑party audit to the South Carolina Attorney General.
These audits are designed to evaluate:
- How youth‑related risks are identified at the feature level
- How and why design mitigation decisions were made
- Whether documentation and accountability structures are in place
In effect, the audit becomes the primary mechanism through which compliance is assessed.
The Growing U.S. Patchwork
South Carolina now joins California, Maryland, Nebraska, and Vermont in adopting AADC‑style laws, but with meaningful differences in scope, enforcement posture, and timelines.
For many organizations, building state‑specific compliance logic is operationally untenable. As a result, companies are increasingly adopting “highest common denominator” design approaches across U.S. users.
While this reduces legal variance, it also creates new risks:
- Over‑restricting adult user experiences
- Introducing unnecessary age‑verification friction
- Accumulating technical debt under compressed timelines
A Different Path Abroad: Access Bans
Outside the United States, regulators are often pursuing a fundamentally different youth safety strategy.
Countries such as Australia, France, and Spain are exploring or implementing age‑based access bans, framing youth participation as a question of market access rather than product design. These regimes emphasize exclusion over mitigation.
For global companies, this divergence creates tension. Measures that satisfy access‑based regimes—such as high‑assurance identity verification—may undermine U.S. privacy and design principles.
Youth safety compliance can no longer be managed country by country. It must be addressed architecturally.
What South Carolina Signals for 2026
The SC AADC crystallizes three converging risk dynamics:
- Compliance and liability exposure, heightened by aggressive enforcement timelines
- Operational friction, driven by rushed design changes and governance gaps
- Litigation uncertainty, where waiting for judicial clarity is no longer a viable strategy
By July 2026, South Carolina regulators will not simply ask what companies built, but why they built it that way.
Can your organization clearly explain how its defaults, algorithms, and engagement systems account for the well‑being of minors?
In Part 2, we turn to the practical question: how to prepare for the SC AADC audit that South Carolina’s law requires.
