S4159 | 119th Congress | WALLET

Sammy’s Law

Sponsored By: Senator Jon Husted

Introduced

Summary

Would let children or parents delegate control of a child's social account to vetted safety apps. It pairs that delegation with required third-party APIs and hourly, machine-readable data transfers, while limiting how that data can be used.

Bill Overview

Analyzed Economic Effects

5 provisions identified: 2 benefits, 0 costs, 3 mixed.

APIs for parents and children

This bill would require large social media sites to offer real-time APIs so a child or a parent (for children under 13) can delegate account management to a registered safety app. APIs must let apps manage settings and content, and get user data in machine-readable form at least once per hour. Platforms that are already large would have 180 days to comply; services that later become large would have 30 days. Delegation and access would continue until revocation or the child turns 17, and platforms must notify the child or parent about delegations and data summaries.

Which platforms must comply

This bill would call a service "large" if it allows child use, supports child-to-child sharing, and either has over 100,000,000 monthly global users or makes more than $1,000,000,000 per year (the revenue test would be adjusted each year for inflation). Large services would have to follow the bill's API, data-transfer, and oversight rules. Some professional marketplaces, news services without direct child messaging, and simple messaging-only services would be excluded. The coverage rules would decide which platforms must add APIs and follow the Act.

Rules for safety app providers

This bill would require any third-party safety software provider to register with the Federal Trade Commission before using the platforms' APIs. Registered providers would have to prove they are not controlled by certain foreign actors, use child data only to protect the child, not sell child data, and keep state-of-the-art security. Providers would need annual independent audits and would have to delete child user data within 5 days after a delegation is revoked. They would also have to give plain-language notices to children and parents about services and data practices.

Federal preemption of state API rules

This bill would stop States and localities from requiring large platforms to build the specific real-time APIs for child safety delegations described in the Act. It would not stop States from enforcing general consumer protection laws, tort or contract rules, fraud laws, or data-breach notification laws. The preemption would create one national standard for the APIs and block different state API mandates.

FTC oversight and enforcement

This bill would let the Federal Trade Commission treat violations as unfair or deceptive acts and use its normal enforcement powers. The Commission could deny, suspend, or permanently cancel a provider's registration for serious problems like gross negligence or misrepresentation. Providers would get appeals and a chance to fix problems, including a 45-day remediation window in key cases. The Commission must set up complaint rules within 180 days and would do compliance reviews of covered platforms every two years.

Sponsors & CoSponsors

Sponsor

Jon Husted

OH • R

Cosponsors

  • Katie Britt

    AL • R

    Sponsored 3/20/2026

  • Mark Warner

    VA • D

    Sponsored 3/20/2026

Roll Call Votes

No roll call votes available for this bill.
