Platform Accountability & Governance

Platform Governance Laws & Regulations

Background

Legislators are increasingly looking to pass laws that would regulate different practices and functions of online platforms to prevent harms to users.

Documents

Legislators are increasingly looking to pass laws that would regulate different practices and functions of online platforms to prevent harms to users. These laws can be categorized into overlapping groups based on their goals and/or the tools they use to regulate companies. For example, privacy laws seek to regulate how online platforms collect and use their users’ personal information. Design codes protect users from platform design choices that have been identified to have harmful side-effects, such as dark patterns that manipulate users or addictive features. Duties of care and loyalty seek to align companies’ goals with those of their users, ensuring that companies have a legal duty to put users first when deciding how to design and run their platforms. Child protection laws seek to make platforms a safe place for children. And proposals to amend Section 230 seek to incentivize online platforms to act more responsibly by narrowing the situations in which they have immunity for harms that they cause to users.

Many times, these laws overlap. For example, a child protection law may incorporate design codes and/or duties of care and loyalty.

Like any part of platform governance, the laws’ effects on users’ safety, privacy, and speech depend greatly on the specifics of the function being regulated, the way the law is enforced, etc.

EPIC’s Model Age-Appropriate design code

In February 2026, EPIC published a Model Age-Appropriate Design Code bill that establishes strong privacy and online safety protections for minors.  

The model bill centers privacy and safety as a function of platform design, building off Vermont’s Age-Appropriate Design Code and integrating lessons from new research and recent litigation.  

The bill: 

  • Gives children agency over their online experiences;  
  • Prohibits specific high-risk design practices;  
  • Requires large companies to evaluate design features for risk of compulsive use; and  
  • Provides critical transparency for researchers, policymakers, and users into companies’ design practices. 

In drafting the model bill, EPIC relied on its deep privacy knowledge, significant state policy experience, and expertise in speech-protective platform regulation. The model bill has been carefully designed to avoid constitutional issues that have been raised over similar child online safety laws.

Learn more about EPIC’s model Age-Appropriate Design Code here.  

Recent Documents on Platform Governance Laws & Regulations

See More in the Digital Library

Top Updates

Illinois passes Children’s Social Media Safety Act

June 1, 2026

EPIC Encourages CalPrivacy to Prohibit Dark Patterns in Privacy Policies

May 20, 2026

EPIC Joins Bipartisan Coalition Calling on State AGs to Hold Apple, Google Accountable for Platforming ‘Nudify’ Apps

May 19, 2026

All Updates

Defend Privacy. Support EPIC.

EPIC's work is funded by the support of individuals like you, who help us to continue to protect privacy, open government, and democratic values in the information age.

Donate