# ICMEC Model Legislation & App Store Accountability Act (ASAA) Investigation

**Date:** 2026-03-13
**Research Focus:** ICMEC's model legislation programs, their relationship to ASAA bills, Meta funding connections, and the Digital Childhood Alliance pipeline

---

## CRITICAL DISTINCTION: Two Separate Model Bills

A key finding of this investigation is that there are **two distinct model legislation frameworks** circulating at the state level, often conflated:

1. **ICMEC's Digital Age Assurance Act (DAAA)** - Device/OS-level age verification
2. **Digital Childhood Alliance's App Store Accountability Act (ASAA)** - App store-level age verification

These are **different bills with different approaches**, though they overlap in goals. ICMEC is primarily behind the DAAA; the Digital Childhood Alliance (DCA) is primarily behind the ASAA. Meta funds the DCA and supports the ASAA approach.

---

## 1. ICMEC's Model Legislation Programs

### A. CSAM Model Legislation (2006-present, 10 editions)

ICMEC's longest-running model legislation program is the **"Child Sexual Abuse Material: Model Legislation & Global Review"**, first published in April 2006. Now in its 10th Edition (October 2023), this report:
- Reviews CSAM legislation across 196 countries
- Provides a "menu of concepts" for lawmakers drafting anti-CSAM laws
- Uses 5 criteria to evaluate legislative sufficiency
- Has contributed to 138 countries now having "sufficient" legislation (up from 27 in 2006)
- Structure: (1) Definitions; (2) Offenses; (3) Mandatory Reporting; (4) Industry Responsibility; (5) Sanctions and Sentencing

**Source:** https://www.icmec.org/csam-model-legislation/
**PDF (10th Ed):** https://cdn.icmec.org/wp-content/uploads/2023/10/CSAM-Model-Legislation_10th-Ed-Oct-2023.pdf

### B. Child Protection Model Law

A comprehensive model law covering all forms of neglect, abuse, maltreatment, and exploitation. Incorporates international standards from the Convention on the Rights of the Child, citing 130 domestic laws from 68 countries.

**Source:** https://www.icmec.org/child-protection-model-law/

### C. Digital Age Assurance Act (DAAA) - 2024-present

ICMEC's newest model legislation, published October 2024 and updated for 2025. This is the bill relevant to the current age verification debate.

**Full model text:** https://cdn.icmec.org/wp-content/uploads/2024/10/Digital-Age-Assurance-Act-2024.pdf

**Key provisions:**
- **Section 2:** Findings and purposes
- **Section 3:** Definitions (Application Store, Device, Minor, Mature content, Covered Manufacturer)
- **Section 4:** Age assurance requirements for Covered Manufacturers (i.e., OS/device makers)
- **Section 5:** Enforcement (exclusive authority to enforce; 45-day written notice before action)
- **Section 6:** Severability
- **Section 7:** Effective date (1 year after enactment)
- **Section 8:** Uniform Standards

**Core approach:** Device-level/OS-level age verification. Places burden on operating system companies (Apple, Google, Microsoft) rather than app stores or individual apps. User verifies age ONCE at the device level; a secure API shares age range with websites/apps.

**Supporting documents:**
- Technical Whitepaper: https://cdn.icmec.org/wp-content/uploads/2024/10/Digital-Age-Assurance-Act-Technical-Whitepaper-FINAL-Feb-07-2025.pdf
- Constitutional Analysis: https://cdn.icmec.org/wp-content/uploads/2024/10/The-Digital-Age-Assurance-Act-Constitutional-Analysis-02-07-2025-FINAL.docx.pdf
- FAQs: https://cdn.icmec.org/wp-content/uploads/2024/11/ICMEC-Digital-Age-Assurance-Act-FAQs-2025-Final.pdf

**ICMEC also runs ageverificationpolicy.org**, a dedicated website for promoting the DAAA to policymakers. Contact: Bob Cunningham, Director of Policy Engagement.

---

## 2. ASAA Bills Using Common Template Language

The App Store Accountability Act (ASAA) is a **separate template** from ICMEC's DAAA. The ASAA template is distributed by the **Digital Childhood Alliance (DCA)**.

### States with enacted ASAA laws:
| State | Bill | Status |
|-------|------|--------|
| Utah | SB-142 | Signed into law 2025 |
| Texas | SB-2420 | Signed into law 2025 |
| Louisiana | HB-570 | Signed into law 2025 |
| Alabama | HB-161 | Signed into law Feb 2026 |

### States with pending/introduced ASAA bills:
| State | Bill | Status |
|-------|------|--------|
| Kansas | SB-372 | Passed Senate 34-6; in House committee March 2026 |
| South Dakota | SB-180 | Advanced from Judiciary 5-1 (2025 session) |
| Ohio | HB-226 / SB-167 | Meta-backed version; competing with Google-backed HB-302/SB-175 |

### California's distinct approach (DAAA-based):
| State | Bill | Template |
|-------|------|----------|
| California | AB-1043 | ICMEC's DAAA model (NOT the ASAA template) |
| Colorado | SB26-051 | DAAA-style device-level approach |

**NOTE:** California AB-1043 (the "Digital Age Assurance Act") was **co-sponsored by ICMEC** and represents the ICMEC DAAA model, NOT the DCA ASAA model. Colorado SB26-051 similarly follows the DAAA device-level approach.

### Common ASAA template provisions (shared across UT, TX, LA, AL, KS, SD, OH):
- Age verification at app store account creation using "commercially reasonable methods"
- Minor accounts linked to verified parent accounts
- Verifiable parental consent before downloads, purchases, or in-app transactions
- Age categories: child (<13), younger teen (13-15), older teen (16-17), adult (18+)
- Parental consent renewal for significant changes to terms/privacy/monetization
- Enforcement via state consumer protection acts and/or private cause of action

### Key differences between ASAA and DAAA:
| Feature | ASAA (DCA/Meta) | DAAA (ICMEC) |
|---------|-----------------|--------------|
| Verification point | App store level | Device/OS level |
| Verification method | "Commercially reasonable" verification | Self-reported age during OS setup |
| Burden on | App stores (Apple, Google) | OS manufacturers |
| Scope | Mobile devices primarily | All computing devices |
| Parental consent | Required for each download | Not primary mechanism |
| Who benefits | Social media platforms (Meta) | Arguably more balanced |

### Federal bills:
- **S.1586** (Sen. Mike Lee, R-UT) - ASAA template
- **H.R.3149** (Rep. John James, R-MI) - ASAA template
- Both introduced 119th Congress (2025-2026)

**Source confirming NACL adoption:** The National Association of Christian Lawmakers (NACL) unanimously adopted the ASAA as model legislation at their 2025 National Policy Conference at Liberty University, making it the first national organization of elected officials to do so.
https://www.prnewswire.com/news-releases/national-association-of-christian-lawmakers-adopts-app-store-accountability-act-as-model-legislation-302504515.html

---

## 3. ICMEC's Relationship to Meta

### Confirmed: Meta is an ICMEC donor

Meta is listed on ICMEC's official supporters page (https://www.icmec.org/our-supporters/). Specific funding amount not publicly disclosed in available sources, though ICMEC categorizes major donors as those giving "$25,000 or more."

### Partnership projects:
- Meta partnered with ICMEC, IWF, and Child Helpline International on the "Help Children be Children" campaign and the Child Safety Online Africa Portal (2022).
- Source: https://www.icmec.org/press/icmec-works-with-meta-iwf-and-child-helpline-international-on-a-new-campaign-against-child-sexual-abuse-in-africa/

### IRS 990 filings:
ICMEC (EIN: 22-3630133) files Form 990 and publishes consolidated financial statements. The 2023 financial statements are available at: https://cdn.icmec.org/wp-content/uploads/2025/02/ICMEC-2023-Consolidated-FS.pdf

Charity Navigator profile: https://www.charitynavigator.org/ein/223630133

### Important nuance:
While Meta donates to ICMEC, ICMEC's DAAA model is actually a **competitor** to Meta's preferred ASAA approach. The DAAA places burden on device/OS makers, while the ASAA places burden on app stores -- the approach Meta prefers because it shifts responsibility away from social media platforms. ICMEC and Meta are aligned on the goal of age verification but differ on mechanism.

---

## 4. ICMEC's Relationship to the Digital Childhood Alliance (DCA)

### No direct organizational relationship found

Despite both working on age verification, ICMEC and the DCA appear to be **separate organizations with different approaches**:

- **ICMEC** promotes the DAAA (device-level)
- **DCA** promotes the ASAA (app store-level)

No overlapping board members or staff were identified between the two organizations.

### DCA organizational details:
- **Founded by:** Melissa McKay (also founder of Digital Childhood Institute, DCI)
- **Executive Director:** Casey Stefanski
- **Senior Policy Advisor:** John Read (former 30-year DOJ Antitrust Division veteran)
- **Structure:** 501(c)(4) nonprofit (does not disclose donors)
- **Coalition:** 140+ member organizations including Heritage Foundation, National Center on Sexual Exploitation, Institute for Family Studies
- **Function:** Distributes ASAA model bill template to state legislators; provides talking points, social media graphics, outreach templates

### DCA's Meta funding (confirmed):
Bloomberg investigation revealed Meta is helping fund the Digital Childhood Alliance. When Louisiana Senator Jay Morris pressed DCA Executive Director Casey Stefanski on tech company funding during Senate Finance Committee testimony:
- Stefanski said she "didn't feel comfortable" answering
- Eventually admitted tech companies fund DCA but refused to name them
- Cited 501(c)(4) status as reason for non-disclosure
- Source: https://www.thecentersquare.com/louisiana/article_e97200f8-13d0-4b1f-90a9-e9a7093d329f.html
- Source: https://www.deseret.com/opinion/2025/12/07/child-safety-bill-backed-by-meta/

---

## 5. ICMEC Personnel Testifying/Advocating at State Level

### Confirmed testimony:

1. **Robert (Bob) Cunningham** - Director of Policy Engagement, ICMEC
   - Testified **in favor** of North Dakota SB 2380 before the Senate Industry and Business Committee (February 10, 2025)
   - Testimony document: https://ndlegis.gov/assembly/69-2025/testimony/SINBUS-2380-20250210-36541-F-CUNNINGHAM_ROBERT.pdf

2. **ICMEC presentation to Virginia Joint Commission on Technology and Science** (November 2024)
   - Presented on the Digital Age Assurance Act (DAAA) as device-level solution
   - Document: https://studiesvirginiageneralassembly.s3.amazonaws.com/meeting_docs/documents/000/002/391/original/ICMEC_Age_Assurance.pdf

3. **Jessica Marasa** - Policy Advisor, ICMEC (former Global Director of Law Enforcement Response at Twitch)
   - Supported California AB-1043 (the DAAA-based bill, co-sponsored by ICMEC)

4. **West Virginia HB 2609** - ICMEC provided public comment/testimony
   - Source: https://www.wvlegislature.gov/legisdocs/2025/committee/public_comments/Hent/HB2609_02-25-PC.pdf

### Note on ICMEC vs. DCA testimony:
ICMEC personnel testify in favor of **DAAA-style** (device-level) bills, not ASAA-style (app store-level) bills. The ASAA bills receive testimony from DCA personnel like John Read and Casey Stefanski, and from organizations like the Institute for Family Studies and NCOSE.

---

## 6. Connection Between ICMEC Model Legislation and Meta Lobbyist / Rep. Kim Carver

### The Kim Carver / Meta lobbyist story:

According to Pluribus News and multiple Louisiana media outlets, the sequence was:

1. **2024:** Louisiana Rep. Kim Carver (R) was working on a youth data privacy bill
2. **A Meta lobbyist** pitched Carver on adding app store age verification language -- specifically requiring Google and Apple's app stores to flag minors, arguing both companies already collect age data
3. The Meta lobbyist's proposed language would require app stores to share "age category" data with app developers
4. When Apple learned of the amendment, they "went from zero to 60 instantly," hired additional lobbyists, and called it a "poison pill from Meta"
5. The app store language was stripped from the 2024 bill under Apple's lobbying
6. In 2025, Carver reintroduced the concept as HB-570, which passed unanimously and was signed into law

**Sources:**
- https://pluribusnews.com/news-and-events/meta-lobbies-for-app-store-age-verification-laws/
- https://9to5mac.com/2024/09/03/meta-lobbied-for-child-safety-bill-to-blame-apple-but-apples-own-lobbying-got-it-off-the-hook/

### ICMEC's role in this specific episode:
**No direct connection found.** The language brought to Carver by the Meta lobbyist was ASAA-style (app store-level) language, which aligns with the DCA template, NOT with ICMEC's DAAA device-level model. ICMEC's model legislation operates on a separate track.

### However, the broader pipeline works as follows:
- Meta funds the DCA (confirmed but amounts undisclosed)
- DCA distributes ASAA model bill templates to state legislators
- Meta lobbyists independently pitch ASAA-aligned language to lawmakers (as in the Carver case)
- ICMEC separately promotes its DAAA model through its own channels
- Both approaches serve to deflect regulation away from social media platforms themselves

---

## 7. ICMEC's Model Legislation Program - Process and Scope

### Process:
1. **Research phase:** Open-source research conducted in-house with legal research interns
2. **Drafting:** Model bill text created incorporating international standards and best practices
3. **Publication:** Released as PDF with supporting documents (FAQ, technical whitepaper, constitutional analysis)
4. **Distribution:** Shared directly with legislators, presented at state commission hearings, and hosted on dedicated websites (e.g., ageverificationpolicy.org)
5. **Support:** ICMEC staff (e.g., Bob Cunningham, Jessica Marasa) provide testimony and advocacy at the state level

### Complete list of ICMEC model legislation programs:

| Model Bill | First Published | Current Edition | Scope |
|------------|----------------|-----------------|-------|
| CSAM Model Legislation & Global Review | April 2006 | 10th Edition (Oct 2023) | 196 countries |
| Child Protection Model Law | -- | Current | Based on CRC, 68 countries |
| Digital Age Assurance Act (DAAA) | October 2024 | 2025 version | US states |

### States where DAAA-based (ICMEC model) bills have been introduced:
Per ICMEC, 19 states and Congress introduced DAAA-style legislation in 2025, including Alaska, Hawaii, California (AB-1043, signed into law), Illinois, and others. Colorado SB26-051 (2026) also follows this model.

---

## Summary: The Two-Track Legislative Pipeline

```
TRACK 1: ICMEC's DAAA (Device-Level)
  ICMEC drafts model bill → Presents to state commissions (VA, ND, WV, CA)
  → Co-sponsors bills (CA AB-1043) → ICMEC staff testify
  → Places burden on OS/device manufacturers (Apple, Google, Microsoft)
  → Meta is an ICMEC donor but DAAA is NOT Meta's preferred approach

TRACK 2: DCA's ASAA (App Store-Level)
  DCA distributes model bill template → Provides turnkey resources to legislators
  → DCA staff testify (John Read, Casey Stefanski) → NACL adopts as model
  → Places burden on app stores (Apple, Google Play) NOT on social media platforms
  → Meta funds DCA (confirmed by Bloomberg; DCA 501(c)(4) won't disclose)
  → Meta lobbyists independently pitch ASAA language (Kim Carver episode)
  → Enacted: UT, TX, LA, AL | Pending: KS, SD, OH + ~20 other states
```

**Key finding:** ICMEC is NOT the source of the ASAA template language that Meta lobbyists distribute. The ASAA template comes from the Digital Childhood Alliance, which Meta funds. ICMEC promotes a competing device-level approach (DAAA). However, both organizations receive Meta funding, and both approaches serve to shift regulatory burden away from social media platforms.

---

## Sources

- ICMEC Model DAAA text: https://cdn.icmec.org/wp-content/uploads/2024/10/Digital-Age-Assurance-Act-2024.pdf
- ICMEC supporters page: https://www.icmec.org/our-supporters/
- DCA ASAA page: https://www.digitalchildhoodalliance.org/asaabill/
- DCA FAQ: https://www.digitalchildhoodalliance.org/faq/
- Pluribus News (Meta/Carver): https://pluribusnews.com/news-and-events/meta-lobbies-for-app-store-age-verification-laws/
- Deseret News (Meta/DCA funding): https://www.deseret.com/opinion/2025/12/07/child-safety-bill-backed-by-meta/
- The Center Square (Stefanski testimony): https://www.thecentersquare.com/louisiana/article_e97200f8-13d0-4b1f-90a9-e9a7093d329f.html
- NACL adoption: https://www.prnewswire.com/news-releases/national-association-of-christian-lawmakers-adopts-app-store-accountability-act-as-model-legislation-302504515.html
- Kansas Reflector (tech lobbying): https://kansasreflector.com/2026/03/05/tech-companies-vie-for-influence-over-kansas-app-store-age-verification-legislation/
- ICMEC CSAM model legislation: https://www.icmec.org/csam-model-legislation/
- Ohio competing bills (Meta vs Google): https://www.ideastream.org/2025-10-15/meta-google-push-two-different-ohio-age-verification-policies
- Bob Cunningham ND testimony: https://ndlegis.gov/assembly/69-2025/testimony/SINBUS-2380-20250210-36541-F-CUNNINGHAM_ROBERT.pdf
- ICMEC Virginia presentation: https://studiesvirginiageneralassembly.s3.amazonaws.com/meeting_docs/documents/000/002/391/original/ICMEC_Age_Assurance.pdf
- Alabama HB-161: https://www.digitalchildhoodalliance.org/alabama-unanimously-passes-hb-161-the-first-app-store-accountability-act-bill-of-2026/
- ageverificationpolicy.org (ICMEC): https://www.ageverificationpolicy.org/daaa/