TheArtOfService
Back to Frameworks

Kids Online Safety Act (KOSA)

Self-Assess
United States
v2024
8 domains
8 controls

The Kids Online Safety Act (KOSA) establishes a duty of care for covered online platforms to prevent and mitigate harms to minors. It requires platforms to provide safeguards for minors by default, give minors and parents tools to protect against harmful content, and requires the FTC to establish best practices. Enacted as part of broader children's online safety legislation.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (8)

KOSA Age Verification + Inference

1 controls
Controls in the KOSA Age Verification + Inference domain of Kids Online Safety Act (KOSA)1 controls
CodeTitle
KOSA-Age-Verification-Inference-Section2-Knowledge-Standard-Reasonable-Steps-Age-Inference-Methods-Privacy-PreservingKOSA Age Verification + Inference + Section 2 Knowledge Standard + Reasonable Steps + Age Inference Methods + Privacy-Preserving + Cohort Estimation + Facial Age Estimation + ID-Based + Parental Confirmation + Avoid Over-Verification

KOSA Default Safeguards

1 controls
Controls in the KOSA Default Safeguards domain of Kids Online Safety Act (KOSA)1 controls
CodeTitle
KOSA-Default-Safeguards-Minors-Section4-Strong-Privacy-Time-Limits-Content-Filters-Restricted-Contact-Geographic-LocationKOSA Default Safeguards for Minors + Section 4 + Strong Privacy Settings + Time Management + Content Filtering + Restricted Contact + Geographic Location Default Off + Personalized Recommendations Opt-Out + Direct Messaging Restrictions + Minor Account Designation

KOSA Duty of Care

1 controls
Controls in the KOSA Duty of Care domain of Kids Online Safety Act (KOSA)1 controls
CodeTitle
KOSA-Duty-of-Care-Section3-Covered-Platforms-Mental-Health-Substance-Use-Suicide-Eating-Disorders-Sexual-ExploitationKOSA Duty of Care + Section 3 + Covered Platforms + Mental Health + Substance Use + Suicide + Eating Disorders + Sexual Exploitation + Online Bullying + Physical Violence + Predatory Marketing + Compulsive Use + Covered Harms Enumerated

KOSA Enforcement + FTC + State AG

1 controls
Controls in the KOSA Enforcement + FTC + State AG domain of Kids Online Safety Act (KOSA)1 controls
CodeTitle
KOSA-Enforcement-FTC-Section10-State-AG-Sole-Civil-Penalty-43792-Per-Violation-No-Private-Right-of-ActionKOSA Enforcement + Section 10 + FTC Sole Federal Authority + State AG Concurrent + NO Private Right of Action + Civil Penalty up to USD 43,792 Per Violation + Injunctive Relief + State AG Notice to FTC + Multi-State Coordination + Cure Period for Smaller Platforms

KOSA Independent Audit

1 controls
Controls in the KOSA Independent Audit domain of Kids Online Safety Act (KOSA)1 controls
CodeTitle
KOSA-Independent-Audit-Section8-Annual-Third-Party-FTC-Approved-Auditor-Compliance-Verification-Public-SummaryKOSA Independent Audit + Section 8 + Annual + Third-Party + FTC-Approved Auditor + Compliance Verification + Public Summary + Multi-Layer Audit + Risk Assessment Verification + Safeguard Effectiveness + Algorithmic System Audit

KOSA Parental Tools

1 controls
Controls in the KOSA Parental Tools domain of Kids Online Safety Act (KOSA)1 controls
CodeTitle
KOSA-Parental-Tools-Section5-Notification-Control-Account-Privacy-Time-Spending-Limits-Minor-Account-IdentificationKOSA Parental Tools + Section 5 + Notification + Control + Account Privacy + Time + Spending Limits + Minor Account Identification + Parental Override + Confirmation + Linked Accounts + Reasonable Tools

KOSA Researcher Access

1 controls
Controls in the KOSA Researcher Access domain of Kids Online Safety Act (KOSA)1 controls
CodeTitle
KOSA-Researcher-Access-Section7-Qualified-Researchers-Public-Interest-Research-Approval-Process-Data-Sharing-ProtectionsKOSA Researcher Access + Section 7 + Qualified Researchers + Public Interest Research + Approval Process + Data Sharing + Privacy Protections + Methodology Standards + Public Reporting + Academic + Civil Society + Government Researchers

KOSA Transparency Reporting

1 controls
Controls in the KOSA Transparency Reporting domain of Kids Online Safety Act (KOSA)1 controls
CodeTitle
KOSA-Transparency-Reporting-Section6-Annual-Disclosure-Risk-Assessment-Independent-Audit-Researcher-Access-Public-ReportKOSA Transparency Reporting + Section 6 + Annual Public Disclosure + Risk Assessment Findings + Independent Audit Results + Researcher Access Reports + Public Report + Reporting Mechanism Statistics + Content Moderation Metrics + Algorithmic Disclosure

Your Compliance Coverage

If you comply with Kids Online Safety Act (KOSA), you already cover:

Vietnam Law on Cybersecurity (No. 24/2018/QH14)

38%

3 controls mapped

Compare →

Barbados Data Protection Act 2019

38%

3 controls mapped

Compare →

Florida Digital Bill of Rights (FDBR)

38%

3 controls mapped

Compare →

+ 45 more: Azure Security Benchmark (25%), Vermont Artificial Intelligence and Consumer Data Act (AICDA) (25%)

See all 48 mapped frameworks ↓

Maps to 48 other frameworks

8 total controls
Vietnam Law on Cybersecurity (No. 24/2018/QH14)
3 source controls mapped|2 target controls covered
38%
Barbados Data Protection Act 2019
3 source controls mapped|4 target controls covered
38%
Florida Digital Bill of Rights (FDBR)
3 source controls mapped|3 target controls covered
38%
Azure Security Benchmark
2 source controls mapped|1 target controls covered
25%
Vermont Artificial Intelligence and Consumer Data Act (AICDA)
2 source controls mapped|1 target controls covered
25%
USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)
2 source controls mapped|2 target controls covered
25%
US Children's Online Privacy Protection Act (COPPA) and COPPA 2.0 Proposed Updates
2 source controls mapped|1 target controls covered
25%
Tennessee Information Protection Act (TIPA)
2 source controls mapped|3 target controls covered
25%
TEFCA - Trusted Exchange Framework and Common Agreement
2 source controls mapped|1 target controls covered
25%
Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)
2 source controls mapped|1 target controls covered
25%
Russia Federal Law on Personal Data (152-FZ)
2 source controls mapped|2 target controls covered
25%
Privacy Act 1988 (Australia)
2 source controls mapped|2 target controls covered
25%
Pakistan Personal Data Protection Bill 2023
2 source controls mapped|1 target controls covered
25%
NIST Privacy Framework
2 source controls mapped|1 target controls covered
25%
Ley Orgánica de Protección de Datos Personales (LOPDP)
2 source controls mapped|1 target controls covered
25%
Law No. 172-13 on the Protection of Personal Data
2 source controls mapped|1 target controls covered
25%
South Korea PIPA
2 source controls mapped|1 target controls covered
25%
GDPR
2 source controls mapped|3 target controls covered
25%
ISO/IEC 29134:2023
2 source controls mapped|3 target controls covered
25%
ISO/IEC 27014:2020
2 source controls mapped|2 target controls covered
25%
ISO/IEC 29100:2024
2 source controls mapped|3 target controls covered
25%
ISO/IEC 23894:2023
2 source controls mapped|1 target controls covered
25%
Bahrain PDPL
2 source controls mapped|3 target controls covered
25%
APPI
2 source controls mapped|3 target controls covered
25%
ISO/IEC 38500:2024 - Governance of IT
2 source controls mapped|1 target controls covered
25%
ISO/IEC 27400:2022
2 source controls mapped|2 target controls covered
25%
Armenia Law on Protection of Personal Data (2015)
2 source controls mapped|3 target controls covered
25%
Australian Privacy Principles (APPs)
2 source controls mapped|3 target controls covered
25%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
2 source controls mapped|2 target controls covered
25%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution
2 source controls mapped|1 target controls covered
25%
Azerbaijan Law on Personal Data (2010)
2 source controls mapped|3 target controls covered
25%
Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018)
2 source controls mapped|3 target controls covered
25%
COSO Internal Control - Integrated Framework (2013)
2 source controls mapped|1 target controls covered
25%
Estonia Personal Data Protection Act (Isikuandmete kaitse seadus, 2019)
2 source controls mapped|1 target controls covered
25%
Illinois Biometric Information Privacy Act (BIPA)
2 source controls mapped|1 target controls covered
25%
Kentucky Consumer Data Protection Act
2 source controls mapped|2 target controls covered
25%
ITU-T X.805 - Security Architecture for End-to-End Communications
2 source controls mapped|1 target controls covered
25%
FTC GLBA Safeguards Rule (16 CFR Part 314)
2 source controls mapped|1 target controls covered
25%
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
2 source controls mapped|3 target controls covered
25%
Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014)
2 source controls mapped|1 target controls covered
25%
Voluntary Principles on Security and Human Rights (VPs)
1 source controls mapped|1 target controls covered
13%
UAE Virtual Asset Regulatory Authority (VARA) Regulations
1 source controls mapped|1 target controls covered
13%
Nevada Gaming Control Board Cybersecurity Requirements
1 source controls mapped|1 target controls covered
13%
ISO 27019
1 source controls mapped|1 target controls covered
13%
IAIS Insurance Core Principles (ICPs)
1 source controls mapped|1 target controls covered
13%
IEC 62443
1 source controls mapped|1 target controls covered
13%
API 1164
1 source controls mapped|1 target controls covered
13%
German Supply Chain Due Diligence Act (LkSG)
1 source controls mapped|1 target controls covered
13%
Compare Kids Online Safety Act (KOSA) with Vietnam Law on Cybersecurity (No. 24/2018/QH14)

Frequently Asked Questions

What is Kids Online Safety Act (KOSA)?

Kids Online Safety Act (KOSA) is a compliance framework from United States with 8 domains and 8 controls. The Kids Online Safety Act (KOSA) establishes a duty of care for covered online platforms to prevent and mitigate harms to minors. It requires platforms to provide safeguards for minors by default, give minors and parents tools to protect against harmful content, and requires the FTC to establish best practices. Enacted as part of broader children's online safety legislation. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Kids Online Safety Act (KOSA) have?

Kids Online Safety Act (KOSA) has 8 controls organised across 8 domains. The largest domains are KOSA Age Verification + Inference (1 controls), KOSA Default Safeguards (1 controls), KOSA Duty of Care (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Kids Online Safety Act (KOSA) map to?

Kids Online Safety Act (KOSA) maps to 48 other compliance frameworks. The top mapping partners are Vietnam Law on Cybersecurity (No. 24/2018/QH14) (38% coverage), Barbados Data Protection Act 2019 (38% coverage), Florida Digital Bill of Rights (FDBR) (38% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Kids Online Safety Act (KOSA) compliance?

Start your Kids Online Safety Act (KOSA) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Kids Online Safety Act (KOSA) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.

Get Started Free →

Free forever — no credit card required