This bill introduces a new chapter, Chapter 507-J, to the existing law, which mandates that commercial entities—defined as those that own, operate, or control a website or application that publishes a substantial portion of material harmful to minors—must implement age verification procedures. Specifically, these entities are required to verify the age of users attempting to access such material using a "reasonable age verification method," which may include government-issued ID checks by third-party services. The bill also stipulates that no personal identifying information should be retained during this verification process, and a clear warning message about the age verification requirement must be displayed on the landing page.

In terms of enforcement, the bill establishes a private right of action for parents or legal guardians of minors who access harmful material due to a commercial entity's failure to comply, allowing them to seek damages of up to $10,000 per violation. Additionally, the attorney general is empowered to pursue civil penalties of up to $25,000 per violation against non-compliant entities. The bill explicitly states that commercial entities cannot claim immunity under Section 230 of the federal Communications Decency Act in such cases. Furthermore, it includes provisions to protect data privacy by prohibiting the retention, storage, or sale of personal information used for age verification, with penalties for violations. Exemptions are provided for news organizations, libraries, museums, and educational institutions distributing material for legitimate purposes. The act is set to take effect on January 1, 2027.