In 2024, identity verification provider AU10TIX, which provided services to companies like TikTok and Uber, was found to have exposed drivers’ licenses to hackers for over a year. In 2025, the age-verification systems provider for the social media site Discord was breached, exposing potentially 70,000 users’ government IDs. In 2026, the lesson should already be clear that once age verification depends on vendors and stored identity data, a safety system can become a breach vector.
And the rise of AI is only accelerating these risks, making hacks faster and the resulting damage easier to inflict.
This is the backdrop against which the U.S. House passed the Kids Internet and Digital Safety (KIDS) Act on June 29th, a sprawling package built around the Kids Online Safety Act (KOSA), 267-117. The bill now sits in the Senate, where KOSA’s own authors, Democrat Richard Blumenthal and Republican Marsha Blackburn, resoundingly rejected the House version and are pushing a tougher one, in part by tying it to federal preemption of state AI laws. A Senate Commerce Committee markup is expected this month. Whatever emerges from that process will shape how identity works online for years.