This website uses cookies

Read our Privacy policy and Terms of use for more information.

🎙️ Episode 29 is live

SCOTUS clears app-store age checks; seven deadlines in three weeks · ~8 min listen

The Supreme Court declined to block Texas's app-store age-verification law on 6 July — the first appellate green light for device-level age checks in the United States — even as a federal judge in Nebraska enjoined that state's parallel mandate days earlier. Meanwhile China promulgated mandatory annual data-security risk assessments, the EDPB reset the anonymisation bar, and seven hard deadlines land between today and 2 August.

Top 5 Stories

  1. SCOTUS leaves Texas SB 2420 enforceable. On 6 July the Court denied applications to vacate the Fifth Circuit's stay (Nos. 25A1389, 25A1390), leaving app-store age-category and parental-consent duties enforceable during appeal. Brief, unsigned, no noted dissent — not a merits ruling.

  2. Nebraska LB 383's age-verification core preliminarily enjoined. Judge John Gerrard granted NetChoice's motion in part on 27 June, holding third-party age verification and express parental consent likely violate the First Amendment. Unenjoined provisions took effect 1 July.

  3. CAC Order No. 24 — annual data risk assessments, effective 20 August. Article 5 mandates an annual assessment for important-data processors; Article 16 requires filing within 20 working days; Article 12 bars the same assessor for more than three consecutive years; Article 19 permits suspension of important-data processing entirely.

  4. FedRAMP Ready retires 28 July. No new Ready submissions after 28 July. Existing holders move through Ready Conversion. Temporary Rev5 Program Certification opens 10 August; FedRAMP 20x Class A opens 3 August; CR26 mandatory for every offering 1 January 2027.

  5. UK BNPL enters the FCA perimeter 15 July. S.I. 2025/1154 brings deferred payment credit into scope of s.189 Consumer Credit Act 1974. Authorisation or temporary permission, affordability checks, Consumer Duty, s.75 protections and FOS jurisdiction all attach.

Deadlines

  • Jul 10 — AMLA Single Rulebook standards due to Commission

  • Jul 14 — CNIL pixel-use notice window closes

  • Jul 15 — UK BNPL becomes regulated deferred payment credit; China's anthropomorphic-AI measures take effect

  • Jul 17 — Member States must identify critical entities under the CER Directive

  • Jul 18 — GENIUS Act stablecoin final-rule deadline; Canada's Bill C-16 in force

  • Jul 25 — Ofcom's statutory age-assurance report due under OSA s.157

  • Jul 28 — FedRAMP Ready designation retires

  • Aug 02 — EU AI Act Art. 50 + GPAI penalty powers apply; CA SB 942 operative

  • Aug 20 — CAC Order No. 24 network data risk assessments take effect

CyberEyeQ — Actionable Regulatory Intelligence. This episode is for informational purposes only and does not constitute legal advice.

Keep Reading