ESRB Privacy Certified
ESRB Privacy Certified (EPC) is one of the FTC-approved Children's Online Privacy Protection Act (COPPA) Safe Harbor programs (16 CFR Part 312, Section 312.11), operated by the Entertainment Software Rating Board since 1999. Members enter a contractual agreement with ESRB, submit each product/service for review, and undergo ESRB's comprehensive privacy assessment process plus at least two ongoing compliance reports per year and spot audits. EPC offers two seals: the ESRB Privacy Certified Seal (general audience) and the ESRB Privacy Certified Kids Seal (child-directed products). The full normative Member Guidelines and Kids Seal Requirements are FTC-approved but delivered to members under contractual membership; the program's structure and obligations - anchored in COPPA's notice, parental consent, data minimisation, retention/deletion, security and parental access requirements - are publicly documented on esrb.org.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (5)
ESRB Privacy Certified - Child-Specific Controls
| Code | Title |
|---|---|
| ESRB-PC-17 | Behavioural advertising and targeted-advertising controls |
| ESRB-PC-18 | Age screening and mixed-audience determination |
| ESRB-PC-19 | Geolocation and persistent identifiers |
| ESRB-PC-20 | User-generated content, photos, video, audio and moderation |
ESRB Privacy Certified - Data Practices and Rights
| Code | Title |
|---|---|
| ESRB-PC-10 | Data minimisation for child personal information |
| ESRB-PC-11 | Internal Operations Exception scope |
| ESRB-PC-12 | Parental access, review and deletion rights |
| ESRB-PC-13 | Data retention and secure deletion |
| ESRB-PC-14 | Third-party and SDK due diligence |
ESRB Privacy Certified - Notice and Parental Consent
| Code | Title |
|---|---|
| ESRB-PC-06 | Online Privacy Notice (privacy policy) |
| ESRB-PC-07 | Direct Notice to parents |
| ESRB-PC-08 | Verifiable Parental Consent (VPC) |
| ESRB-PC-09 | Material change notification |
ESRB Privacy Certified - Program Eligibility and Operation
| Code | Title |
|---|---|
| ESRB-PC-01 | COPPA Safe Harbor program eligibility and Seal selection |
| ESRB-PC-02 | Initial certification assessment and ESRB review |
| ESRB-PC-03 | Ongoing compliance reports, spot audits and annual recertification |
| ESRB-PC-04 | Use of the certification Seal |
| ESRB-PC-05 | Complaint handling and dispute resolution mechanism |
ESRB Privacy Certified - Security and Operational Safeguards
| Code | Title |
|---|---|
| ESRB-PC-15 | Confidentiality, security and integrity of child PI |
| ESRB-PC-16 | Incident handling and ESRB notification |
Frequently Asked Questions
What is ESRB Privacy Certified?
ESRB Privacy Certified is a compliance framework from the United States (ESRB / FTC) with 5 domains and 20 controls. ESRB Privacy Certified (EPC) is one of the FTC-approved Children's Online Privacy Protection Act (COPPA) Safe Harbor programs (16 CFR Part 312, Section 312.11), operated by the Entertainment Software Rating Board since 1999. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does ESRB Privacy Certified have?
ESRB Privacy Certified has 20 controls organised across 5 domains. The largest domains are ESRB Privacy Certified - Data Practices and Rights (5 controls), ESRB Privacy Certified - Program Eligibility and Operation (5 controls), and ESRB Privacy Certified - Child-Specific Controls (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does ESRB Privacy Certified map to?
ESRB Privacy Certified maps to 3 other compliance frameworks. The top mapping partners are COPPA (55% coverage), GDPR (15% coverage), and the UK Age Appropriate Design Code (Children's Code) (15% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with ESRB Privacy Certified compliance?
Start your ESRB Privacy Certified compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ESRB Privacy Certified requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 20 controls and track your progress.