How The Kids Online Safety Act Has Evolved as Negotiations Ensue

Last July, the Senate overwhelmingly passed a package of bills to expand protections for kids online, a major milestone in congressional efforts to rein in tech companies’ safety practices.

The package, known as the Kids Online Safety and Privacy Act (KOSPA), primarily combined two bipartisan bills that had been vying for support for years: the Kids Online Safety Act (KOSA), which would impose a “duty of care” requiring platforms to mitigate potential harms to children on their products, and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0), that would expand federal privacy protections to include those up to 16 years old.

But the bills languished in the House, where Republican leadership expressed reservations about KOSA in particular, potentially impacting the flow of speech online. Amid those negotiations, KOSA has undergone numerous revisions in both chambers as proponents look to build up its support base and get it over the finish line. It was reintroduced earlier this month.

Here’s a look at how KOSA’s legislative text has shifted during the most recent talks:

House markup version, September 2024

While Sens. Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN) first introduced KOSA in the upper chamber in February 2022, the bill did not get a House companion until April 2024.

The bill, which was negotiated under GOP control, contained several key changes — chiefly a narrowed “duty of care” standard and more limited mental health protections. After the Senate passed its version of KOSA, alongside COPPA 2.0, the House Energy and Commerce Committee marked up and advanced both of its bills in September.

That version of KOSA, referred to as the House AINS (or the House manager’s amendment), created a tiered standard for when platforms ought to know that a child or minor was using their products (and thus when they should take the steps outlined in the measure to protect them).

In that version, “high impact” platforms would face the most stringent knowledge standard, holding them to obligations when they “knew or should have known” a user was a child or minor, while most other companies would need to have actual knowledge of users’ ages. But only those larger companies would be subject to the “duty of care” provision requiring that they take steps to “reasonably prevent and mitigate” certain harms to children.

This version did not include requirements to mitigate or prevent “mental health disorders,” “addiction-like behaviors,” “predatory, unfair or deceptive marketing practices,” and “online bullying,” though it did include obligations around cases of “serious emotional disturbance.”

It also omitted language from the Senate-passed version tasking the National Academy with conducting research into “the risk of harms to minors by use of social media and other online platforms.” This House version featured a more detailed description of the “Kids Online Safety Council” that KOSA would create and what information it would need to report to Congress.

During the September markup, committee Democrats tore into those changes, with several suggesting the proposal had been watered down so much they may no longer be able to support it on the floor. Still, both KOSA and COPPA 2.0 advanced by voice vote.

The amended House version also sought to assuage the trepidation from some conservatives that the bill could inadvertently chill speech, or even lead to viewpoint censorship. To that end, it included language stating that the bill could not be enforced “based upon a specific viewpoint of any speech, expression, or information protected by the First Amendment.”

Musk-approved version, December 2024

After House Republican leadership sharply criticized KOSA — and not only the more expansive Senate version but also the abridged House version — its Senate backers unlisted an unlikely ally to try to break the logjam in negotiations: Elon Musk.

Blumenthal and Blackburn in December unveiled a “New ‘X’ Negotiated KOSA Text” that had buy-in from X CEO Linda Yaccarino and Musk, who has allied with Republicans and branded himself as a “free speech absolutist” since buying the platform, formerly called Twitter.

The updated version merged the Senate-passed version under KOSPA with aspects of the House markup version, while also seemingly trying to quell conservative criticisms.

Similar to the House version, it included a section noting that the bill should not be “construed to allow a government entity to enforce [its provisions] based upon the viewpoint of users expressed by or through any speech, expression, or information protected by the First Amendment.”

This version did not adopt the tiered knowledge standard or treat platforms’ obligations differently depending on their size, like the iteration marked up by the House. But it did adopt several other key changes, including striking obligations to prevent “online bullying,” “addiction-like behavior,” “predatory, unfair, or deceptive marketing practices.”

Some of the requirements were replaced with more prescriptive language, including the duty of care standard itself, which would only apply in instances “where a reasonable and prudent person would agree that such harms were reasonably foreseeable by the covered platform and would agree that the design feature is a contributing factor to such harms.”

The obligation to prevent “mental health disorders” was similarly swapped out to reference “depressive disorders and anxiety disorders when such conditions have objectively verifiable and clinically diagnosable symptoms and are related to compulsive usage.”

Like the House version, this Senate version also scrapped language ordering more research into social media harms — which some Republicans have suggested could fuel more misinformation studies and potential “censorship.” It also adopted many of the changes for the creation of the “Kids Online Safety Council” proposed in the House version.

Latest reintroduction version, May 2025

The latest iteration of KOSA that was reupped earlier this month is essentially identical to the version that was unveiled late last year and negotiated with Musk’s X, except that it has been introduced again as a standalone measure rather than as a package with COPPA 2.0.

For years, lawmakers have debated whether Congress should try to tackle both children’s safety and children’s privacy in concert, try to hammer out one issue or the other, or combine the latter with a comprehensive privacy bill that would cover all consumers, not just kids.

In 2022, House lawmakers advanced a sweeping comprehensive privacy bill that included enhanced protections for kids, but sidestepped broader safety questions. Last year, the Senate took a different tact, passing the children’s safety and privacy package while eschewing a comprehensive privacy bill. It’s unclear how they will square those differences this Congress.

The latest KOSA text does still contain the Filter Bubble Transparency Act, once a separate proposal that would restrict what it calls “opaque” algorithms and require platforms to let users to see versions of their sites that were “unmanipulated” by their algorithmic choices. That measure was also tucked into the package that passed the Senate last year, KOSPA.