The Minnesota Age-Appropriate Design Code Act introduces new obligations for businesses that develop online services, products, or features likely to be accessed by children. The legislation mandates that these businesses prioritize children's best interests, particularly regarding privacy, safety, and well-being, especially when commercial interests conflict. Businesses are required to conduct data protection impact assessments for new offerings aimed at children, maintain documentation of these assessments, and provide them to the attorney general upon request. Additionally, the bill requires that default privacy settings be configured to ensure a high level of privacy for children and that privacy information is communicated in a clear and age-appropriate manner.

The bill also defines key terms related to children's data privacy and specifies the scope of businesses subject to the law, including those with significant revenue or data processing activities involving children's personal data. Certain exemptions are provided for entities governed by health privacy laws or primarily engaged in journalism. Enforcement mechanisms are established, allowing the attorney general to impose civil penalties for violations, while businesses in substantial compliance may receive notice and an opportunity to rectify issues without penalties. The act is set to take effect on July 1, 2025, requiring businesses to complete assessments for legacy products by that date.