As 2026 looms, the voyage of Sen. John Husted’s (R-Ohio) Children Harmed by AI Technology (CHAT) Act from proposal into law seems likely to carry on apace. The bill — which would, under the banner of protecting children, require a staggeringly broad array of artificial intelligence (AI) services to enforce age verification upon their users — merits no commendation, except perhaps for its sponsor’s intentions.
The CHAT Act benefits from one of the oldest biases in politics: lawmakers project hosts of imagined virtues and benefits that are to be created by their proposals, no matter how uncertain, overlooking or neglecting to mention shortcomings that, to more candid observers, seem likely or even sure to damage the interests or liberties of their constituents. “No difficulties occur in what has never been tried,” as Edmund Burke observed. Proposed children’s online safety legislation, moreover, enjoys a greater degree of deference than most, for who in good faith could object to protecting children? (RELATED: Parents Have Everything They Need to Keep Their Children Safe Online)
Age verification … amounts to a show-your-papers regime, threatening to precondition Americans’ access to many ordinary digital services on their submission to that regime.
Even still, a closer look at the CHAT Act’s form and structure, its logic, and its individual provisions, reveals that it would in fact endanger not only children but all Americans. The bill’s central provision, age verification, to which all Americans, irrespective of age, would have to submit, contains double cause for worry. To determine which users have yet to reach the age of majority, all must submit to age verification. Age verification — which generally requires users to offer up government documentation or to undergo a facial scan — amounts to a show-your-papers regime, threatening to precondition Americans’ access to many ordinary digital services on their submission to that regime. That alone ought to bring out Americans’ well-developed skittishness about governmental encroachments into their lives and liberties. (RELATED: Conservative Principles Lost in Tech Regulation)
Practically, age verification, which requires the collection and storage of personal information, imperils the privacy of every user subjected to it. Troves of data maintained by technology platforms routinely fall victim to hacks, data breaches, and other cybersecurity incidents. So too do third-party vendors that purport to offer secure identity- and age-verification services. (RELATED: EU Censorship Metastasizes)
“Outabox, which provided facial-recognition services to various in-person businesses, announced a massive cybersecurity breach in 2024 resulting in the piracy of more than one million consumer records. AU10TIX, an identity-verification service used by recognizable platforms like Uber, TikTok, X, and LinkedIn, is another victim of cybercrime,” the Taxpayers Protection Alliance, my employer, noted in an amicus brief at the Supreme Court last summer. (RELATED: Britain’s Online Safety Act Might Come to America)
Then fall came, vindicating our argument: In October, Discord made public the breach of a third-party vendor, reporting that “approximately 70,000 users…may have had government-ID photos exposed, which our vendor used to review age-related appeals.” As Justice Samuel Alito put it, pithily, in a January 2025 oral argument, “There have been hacks of everything.”
The privacy and data-security dangers inherent in age verification are particularly acute for children, a demographic already beset by identity theft. “Minors are appealing targets for identity thieves,” the R Street Institute found, continuing: “The problem is so extensive that research by Experian suggests that 25 percent of children will be victims of identity fraud or theft by the time they are 18.” Enforcing age verification and ensuring that cybercriminals and their clientele have ready access to children’s personal information is a gust of wind that can only feed these flames, likely to transform an already substantial fire into a runaway blaze. (RELATED: Washington’s Reverse Midas Touch)
Parents, too, have little reason to welcome the CHAT Act’s innovations. After determining a prospective user to be underage, the bill would require AI models to “obtain verifiable parental consent … before allowing a minor to access and use the companion AI chatbot.” The data collection needed for simple age verification pales by comparison with the data collection necessitated by an enforced parental-consent process, which, perforce, involves a determination not just of age, but of identity — the identity of the parent, the identity of the child, and the veracity of the parent-child relationship. The amount of data that the CHAT Act proposes to collect is immense and, in light of the attendant cybersecurity and privacy risks, somewhat shocking.
The divergence between advocates of so-called child safety legislation and those opposing these proposals has little to do with whether children ought to be protected online; all agree that they must be. Instead, on one side of this divide stand those who cannot see the second- and third-order effects of their favored policies; on the other, those who are sensible of those dangers and who seek better means to secure a common end.
READ MORE from David B. McGarry:
Parents Have Everything They Need to Keep Their Children Safe Online
Conservative Principles Lost in Tech Regulation
When Government Competes, America Loses
David B. McGarry is the research director at the Taxpayers Protection Alliance.
![Scott Bessent Explains The Big Picture Everyone is Missing During the Shutdown [WATCH]](https://www.right2024.com/wp-content/uploads/2025/11/Scott-Bessent-Explains-The-Big-Picture-Everyone-is-Missing-During-350x250.jpg)
