Political Attacks

In recent years, state lawmakers have been so active in their efforts to regulate and restrict adult content on the internet that it can be difficult to keep track of the various bills, proposals and amendments to existing law coursing through legislatures across the country. Below is a summary of the latest news on state legislation that has been debated, passed and/or come into force in 2026.

States in which new laws have recently come into effect:

Utah (SB 73): Utah’s amendments to the state’s age verification mandate for websites that offer adult material impose a 2% excise tax on all companies required to perform age verification under the law. It also replaces current Utah age verification law’s private right of action with enforcement by the Utah Division of Consumer Protection, which can issue fines of up to $2,500 per violation plus costs and damages awards to consumers ‘injured’ by a violation of the law. The law also makes companies liable for verifying the age of users located in Utah, even if the user is concealing their location through use of a VPN or other technical measure. Most of the law’s provisions are now in effect; the excise tax provisions take effect October 1, 2026.

West Virginia (HB 4412): HB 4412 requires websites that contain over 33-1/3% material deemed “harmful to minors” to verify the age of users, either through use of a government-issued ID or through transactional data. The law authorizes the West Virginia Office of Technology to create specific rules for how age verification must be performed under the law. HB 4412 also creates a private right of action to pursue actual damages from offenders, plus up to $10,000 per violation. The state attorney general is also authorized to bring actions against suspected violators $10k per day of violation, plus up to $250,000 if a minor can access the alleged harmful material. The law goes into effect on June 12, 2026.

States in which bills have passed in both legislative chambers, but aren’t yet in force:

Missouri (HB 1839): HB 1839 would enact heavier penalties for violating the state’s existing age verification mandate. These penalties include a fine of up to $250,000 if a minor can access “material harmful to minors” as defined under the law. The revised law would also lower the standard of knowledge required to create liability from “knowing or with reckless disregard” to “knowingly and intentionally.” Age verification under law must be performed by a third-party entity and does not allow for covered entities to propose an alternative age verification method, even if that method is shown to be equally effective as the methods proscribed by the law. HB 1839 passed in the Missouri Senate on April 30 and has been placed on the “informal calendar” of the Missouri House.

Iowa (HF 864): HF 864 would create an age verification mandate for websites on which 33% or more of the “data publicly available” is deemed “pornographic for minors.” Permitted age verification methods under the law include digital identification, any method which is “commercially reasonable given a person’s scope of business and that relies on transactional data to verify an individual’s age” and a “method approved by the attorney general by rule.” Under the law, the attorney general can bring actions for civil penalties of up to $1,000 per violation, with a maximum penalty of $10,000 per day. The law specifies that each time an individual user accesses a website or app not in compliance with the law constitutes a separate violation. The latest version of the bill passed a House vote on April 30. If the bill is signed into law, it will take effect on July 1, 2026.

States in which bills have passed in a single chamber:

California (AB 1856): Last year, California passed the “Digital Age Assurance Act” (AB 1043), an act which required internet-enabled devices to data on collect users’ age brackets to be shared with mobile apps. AB 1856 would broaden the law to require that users’ age brackets be shared with websites, as well. AB 1856 passed in the Assembly Privacy committee and was referred to the Appropriations committee on April 27, 2026.

Ohio (HB 84): HB 84 applies to sites whereon a “significant or substantial portion” of the site’s content, revenue, stock-in-trade, or display space involves material that is “obscene or harmful” to juveniles. What precisely constitutes a “significant or substantial portion” is left undefined in the bill. The bill allows for government-issued photo IDs, public or private transactional data (employment records, credit card data, mortgage information and the like) processed through a commercial age verification system or third-party services that use the above, as acceptable methods of age verification. Under the bill, violations are a first-degree misdemeanor, with each day of noncompliance considered a separate offense. Both the organization and individual employees and officers of the organization can be charged under the bill. Minors (or their parents or guardians) can bring private civil actions seeking injunctive relief and attorney fees. HB 84 has been passed by the Ohio House and is now pending in the Senate.

Iowa (HF 2606 and SF 443): In addition to HF 864 (described above), the Iowa legislature is debating HF 2606 and SF 443, which also pertain to age verification, but with different provisions from HF 864. Like HF 864, HF 2606 (formerly known as HF 2274) holds that websites must verify the age of their users if over 33% of the “total amount of data publicly available” on the site is pornographic. HF 2606 also mirrors the civil penalties envisioned in HF 864, with the attorney general authorized to seek up to $1,000 per violation, with a maximum penalty of $10,000 per day. HF 2606 also requires the attorney general to “adopt rules to implement and administer the bill.”

SF 443 (previously designated SF 207) would apply to any “commercial entity for which it is in the regular course of the trade or business of the entity to create, host, or make available, on the internet, obscene material,” without the 33% threshold present in HF 2274. Under SF 443, the attorney general has “the sole authority to bring civil action to provide for civil penalties in an amount not more than one hundred thousand dollars.” SF 443 is currently pending before the Iowa Senate Technology Committee.

SALT LAKE CITY — Utah’s latest update to its age-verification law took effect this week, but critics say the changes could create major compliance headaches for online platforms while raising broader concerns about privacy and internet access.

The newly enforceable provisions under SB 73 expand the state’s existing age-verification requirements in several ways. The law now gives the Utah Division of Consumer Protection authority to enforce the mandate directly, prohibits platforms from encouraging users to bypass restrictions through virtual private networks (VPNs) or similar tools, and requires covered websites to verify the age of users physically located in Utah regardless of the IP address attached to the connection.

That last part is what’s getting the most attention.

In a statement posted Tuesday, the Free Speech Coalition warned that the law could complicate compliance strategies many platforms currently rely on.

“In practical terms, this means that compliance strategies that depend on IP addresses, such as geoblocking may not be effective at mitigating liability,” the organization said.

The group noted that even platforms already conducting age verification for Utah visitors could still face legal exposure if a resident uses a VPN to mask their location or if an IP address is incorrectly associated with another nearby state such as Arizona or Nevada. And honestly, that’s where the situation starts to feel messy fast. Internet geography has never exactly been precise.

FSC Executive Director Alison Boden said the updated law creates a difficult environment for websites attempting to comply.

“Determining geolocation based on IP address is imperfect,” Boden said. “With SB 73, Utah is effectively overriding the laws of every other jurisdiction and requiring platforms to age-verify every single visitor to their sites. Platforms should discuss how to approach this situation with their attorneys.”

The organization also pointed out that another section of SB 73 — a new 2% excise tax on adult content sales within Utah — is scheduled to take effect Oct. 1, 2026.

Privacy advocates and digital rights groups have also raised concerns about the law’s provisions surrounding VPNs.

Critics argue the restrictions could create constitutional issues while weakening online privacy protections not only for Utah residents, but potentially for internet users more broadly. VPNs are commonly used for far more than bypassing geographic restrictions. Many people rely on them for security, encrypted browsing, or simply keeping personal data away from advertisers and data brokers.

In an analysis of SB 73, Rindala Alajaji, associate director of state affairs for the Electronic Frontier Foundation, argued the law’s new provisions are unlikely to stop determined minors from accessing restricted content.

“Won’t stop a tech-savvy teenager, but they certainly will impact the privacy of every regular Utah resident who just wants to keep their data out of the hands of brokers or malicious actors,” Alajaji wrote.

She added that the broader implications extend beyond Utah itself.

“Attacks on VPNs are, at their core, attacks on the tools that enable digital privacy,” Alajaji said. “Utah is setting a precedent that prioritizes government control over the fundamental architecture of a private and secure internet, and it won’t stop at the state’s borders.”

Additional guidance and policy analysis surrounding SB 73 has been made available through the Free Speech Coalition’s policy resources and action center for members and non-members seeking more information about the law and its implementation.

The fear is real. That’s probably why this debate has gotten so heated so fast.

Parents worry about what kids are seeing online. They worry about pornography, self-harm content, predators, manipulative social media algorithms, all of it. Most people — honestly, probably almost everyone — agree children shouldn’t have unrestricted access to harmful material online.

But critics of the current push for age verification laws say governments and tech companies are moving too aggressively, and with consequences that could permanently reshape online privacy and anonymity.

What started years ago with a simple “Are you over 18?” checkbox has evolved into something much larger. Across multiple countries, age-verification systems now increasingly rely on government IDs, facial scans, video uploads and even biometric data. And with every new layer of verification comes another question hanging in the air: Where does all that information go?

When Data Is Collected, It Eventually Leaks

The risks tied to large-scale data collection are no longer theoretical. Last October, chat platform Discord disclosed that hackers had accessed records belonging to more than 70,000 users through a third-party vendor handling age-verification services for the company. The breach reportedly included photographs of government-issued identification documents.

Privacy advocates argue that incidents like that are almost inevitable when sensitive personal information is stored in centralized databases. The more valuable the data becomes, the larger the target grows for cybercriminals. And while major companies may invest heavily in security, critics say the broader ecosystem of smaller platforms and vendors often remains vulnerable.

Even outsourcing age checks to specialized verification companies does not eliminate the risks, opponents argue. In some ways, they say, it concentrates them. Businesses whose primary function revolves around storing identity information become attractive targets for hackers and potentially lucrative repositories for consumer data.

And there’s another concern quietly lingering beneath the surface: monetization. Companies that collect vast amounts of personal information may eventually face pressure to commercialize that data in some form, particularly if verification services become expensive to maintain.

There Are Few Trusted Players in This Debate

Governments have also faced scrutiny over their handling of age-verification systems.

The European Union recently introduced a mobile application intended to help verify users’ ages online. Security researchers quickly claimed they had identified major vulnerabilities in the system, with at least one hacker publicly stating flaws were discovered within minutes of testing.

At the same time, calls continue growing for large technology companies to handle age verification directly at the operating-system level. Supporters argue companies like Apple, Google and Microsoft already control the devices people use daily and could enforce protections more effectively than individual websites.

Apple recently announced new age-assurance measures in the United Kingdom, adding fuel to that debate.

But critics remain deeply skeptical about expanding the authority of major tech companies over identity verification and internet access. Those companies, they argue, already built much of today’s advertising-driven internet economy around large-scale data collection and behavioral tracking.

Opponents question whether giving technology giants even more control over who can access apps, websites and digital services would create additional risks surrounding surveillance, competition and consumer privacy.

Concerns Extend Beyond Children’s Accounts

Privacy advocates argue the broader implications stretch far beyond protecting minors.

Many fear that widespread age verification could gradually normalize mandatory identification for nearly all internet activity, regardless of whether the content involved is legal, adult-oriented or politically sensitive.

Technology companies already respond to large volumes of government data requests every year, many involving user information. Critics argue that if governments increasingly require digital identities tied to verified credentials, it could create new mechanisms for tracking online activity and restricting access.

Some opponents warn the systems could eventually expand beyond age restrictions into other forms of digital gatekeeping, including nationality-based restrictions or politically motivated blocks.

Questions surrounding international precedent also continue surfacing. If one country mandates government-linked digital IDs for internet access, critics ask, how long before others follow? And if platforms possess verified identity systems tied to millions of users, what pressure might governments place on those companies to share information or restrict access?

Privacy advocates say anonymity online remains important not only for ordinary users, but also for whistleblowers, dissidents, abuse victims and people seeking sensitive information or support services.

Without anonymity, critics argue, many people may simply stop speaking openly.

Pressure Should Shift — But Not Entirely to Big Tech

Even many critics of age-verification mandates acknowledge technology companies still bear responsibility for protecting younger users online.

Advocates for alternative approaches argue companies should focus more heavily on improving parental-control systems at both the device and application level. Those controls, they say, should be easier to locate, easier to understand and more effective for families trying to manage children’s online access.

Rather than creating universal identification systems for all internet users, critics argue decision-making authority should remain primarily with parents and guardians.

Some privacy advocates also argue that any age-verification system adopted in the future should remain narrowly limited to platforms presenting the highest potential risks, such as pornography sites or certain social media services.

And if governments ultimately decide some form of verification is unavoidable, critics insist strict technical safeguards must be built into the systems from the beginning.

Among the proposals frequently discussed are device-based verification conducted entirely on the user’s phone or computer, temporary facial-age estimation systems that immediately discard biometric data, anonymous “yes or no” age confirmations transmitted under end-to-end encryption, and open-source code allowing independent experts to inspect how the systems operate.

The Core Debate Isn’t Going Away

For opponents of sweeping age-verification systems, the larger issue is not whether children should be protected online. Most agree they should.

The argument instead centers on whether the current solutions risk creating a permanent infrastructure for surveillance, identity tracking and expanded corporate control over internet access.

Critics also point toward the broader economic incentives shaping online platforms. Many argue the advertising-driven business model dominating large parts of the internet encourages companies to maximize engagement, collect personal information and keep users — especially younger users — constantly connected.

Meta, parent company of Facebook and Instagram, has publicly supported age-verification measures for years. Critics argue those efforts may also help shift responsibility for youth safety away from platforms themselves and toward app stores, device makers and governments.

Meanwhile, lawmakers across multiple countries continue searching for ways to address growing public concern over online harms affecting children.

And that’s really the tension sitting underneath all of this. Almost nobody disagrees there are dangers online. The disagreement is about how much privacy society is willing to surrender trying to solve them — and whether those tradeoffs can ever truly be reversed once they become normal.

The phrase “porn in schools” hit like a fire alarm a few years ago. Loud, emotional, impossible to ignore. In 2021, the conservative group Florida Citizens Alliance released its “Porn in Schools Report,” a publication later amplified by Florida Gov. Ron DeSantis. The report claimed sexually inappropriate material was being made available to students in schools. But the books at the center of the controversy weren’t explicit websites or illicit images. They were books written for children and teenagers.

Now, lawmakers in Congress are revisiting that same debate through the proposed Stop the Sexualization of Children Act. The bill would withhold federal funding from schools and libraries that provide access to what its sponsors describe as “sexually oriented material.”

Over five years of tracking book removals nationwide, PEN America says it has not identified a single banned school library book that legally qualifies as pornography. Distributing pornography in schools is already a felony offense carrying potential prison time. Despite repeated allegations surrounding “pornographic” books, the organization says none of the thousands of challenged titles it reviewed meet either a legal or commonly accepted definition of pornography.

According to PEN America, many of the books challenged or removed instead contain LGBTQ+ characters and themes, discussions of race and racism, sexual experiences, or difficult subject matter such as gun violence and sexual abuse.

Supporters of removing the books argue the effort is about protecting children from harmful material. Opponents counter that literature and storytelling remain essential parts of public education and argue students should have access to a wide range of perspectives, identities, histories and experiences through books.

Laney Hawes, co-founder of the Texas Freedom to Read Project, once remarked that “Fear is effective.” That sentiment has become central to the broader debate over book restrictions in schools. Concerns initially framed around pornography, critics argue, expanded into broader disputes involving diversity, equity and inclusion programs, educators, librarians, and discussions surrounding gender identity. In response, states and local governments across the country adopted policies and laws regulating material considered “harmful to minors” or “sexually explicit.”

PEN America says vague language in those policies has often led schools and districts to remove books more broadly than intended. Critics of the congressional proposal question how schools would interpret the measure if it became law. They point to books such as In the Night Kitchen, which includes illustrations of childhood nudity, or Red: A Crayon’s Story, a title frequently associated with themes of identity and acceptance.

The legislation also contains exemptions for certain literary classics identified by Compass Classroom, a homeschooling educational program built around a Bible-based curriculum. However, modern works including The Kite Runner and The Bluest Eye are not specifically exempted. Critics say those books could face restrictions because they contain depictions of sexual violence. They also point to books involving transgender characters, including Gracefully Grayson, as examples of titles that could be affected under the proposal.

If enacted, the bill would place school districts nationwide — including those that have resisted book removals — into the center of the growing debate over educational content. This week, more than 100 organizations urged voters to contact members of Congress and oppose the legislation.

Critics of the proposal argue that claims involving pornography, dangerous books, or harmful educators have shaped public debates in communities across the country despite little evidence supporting many of the accusations. They say the controversy has increasingly blurred distinctions between explicit material and books that simply address difficult or controversial subjects.

Some opponents also argue the effort connects to a broader political movement supporting school vouchers and expanded private education options, themes associated with Project 2025. Others point to parents who encounter isolated excerpts from books online and later campaign for their removal, despite ongoing disagreement among researchers and educators about whether exposure to such literature causes harm.

At the same time, students, parents, teachers, librarians and authors continue pushing back against book removals in schools. Supporters of broader access to literature argue books can strengthen critical thinking, improve academic performance, encourage empathy and reduce stress. Multiple studies examining reading habits have found positive educational and emotional outcomes tied to recreational reading.

Some educators and advocates also argue that books discussing sexuality or relationships can provide students with information about consent and healthy relationships rather than encouraging harmful behavior.

Polling and advocacy efforts around the country suggest many students and parents support maintaining broad access to books, even when certain content may be uncomfortable or controversial. Critics of book bans argue that disagreement with a book’s themes should not result in restricting access for all students or eliminating discussions involving certain identities or perspectives.

Meanwhile, reading for pleasure among children has continued to decline over the past two decades. For many educators and literacy advocates, that trend may be one of the larger concerns quietly sitting beneath the noise of the current debate.

LOS ANGELES — Dutch prosecutors and law enforcement authorities have moved to shut down the controversial tube platform Motherless.com, marking a major escalation in the growing international scrutiny surrounding the site.

The takedown effort appeared to begin Thursday. The Netherlands Public Prosecution Service confirmed to multiple news organizations that a preliminary investigation is underway to determine whether the site’s operators engaged in criminal conduct.

Dutch public broadcaster NOS reported that prosecutors acted following its own investigation alongside reporting by CNN in the United States. According to NOS, authorities determined that Netherlands-based hosting provider NFOrce Internet Services was hosting content tied to Motherless.com users.

Under mounting pressure, NFOrce informed the operators of Motherless.com that hosting services had been suspended pending the outcome of what the company described as an internal “abuse and compliance escalation” review.

“Following recent media publications and additional internal review, NFOrce initiated an enhanced compliance and abuse-handling review relating to Motherless.com,” the company said in a published statement.

NFOrce also released portions of correspondence sent to its listed point of contact for the site.

“Given the seriousness of the matters raised publicly, including allegations relating to potentially unlawful, exploitative, or non-consensual content categories, NFOrce requires your urgent written response and confirmation regarding the matters outlined below,” wrote NFOrce director Simon Elimeleh in the notice. “This review is being conducted as part of NFOrce’s ongoing abuse-handling, compliance, and risk assessment obligations as an infrastructure provider.”

NFOrce said the site’s operators were given between 12 and 24 hours to respond to several requests outlined in the letter, which was sent Thursday, May 7.

Among the demands were requirements for an “immediate content review and removal,” along with an audit of keywords, category tags, trust and safety procedures, and overall legal compliance practices.

“Failure to provide a complete and satisfactory response within the requested timeframe, failure to demonstrate appropriate remediation efforts, or failure to comply with applicable legal or contractual obligations may result in further review of the continuation of services, including possible suspension or termination measures where appropriate,” Elimeleh said.

Motherless.com has faced criticism for years over allegations involving illegal and non-consensual material, as well as widespread copyright infringement. Following detailed investigations published by CNN and NOS, pressure intensified on Dutch authorities to pursue legal action against the platform.

According to CNN’s reporting, investigators identified extensive amounts of abusive and unlawful content on the site. The report described the platform as part of what it called a global “rape academy,” including online groups where men allegedly discussed and encouraged sexual violence against partners and spouses. The investigation also documented videos depicting gender-based violence and alleged drug-facilitated assaults, including so-called “sleep” videos involving individuals believed to be unconscious or under the influence of drugs.

The platform has also faced regulatory pressure elsewhere in Europe. In the United Kingdom, digital regulator Ofcomhas been pursuing enforcement actions tied to age-verification requirements and other provisions under the Online Safety Act. Motherless previously received fines totaling nearly $1.1 million over compliance failures connected to those rules.

Motherless is reportedly operated by Kick Online Entertainment, a Luxembourg-registered entity. Dutch authorities are also examining other affiliated companies connected to the operation, including businesses reportedly based in Costa Rica and other jurisdictions.

LOS ANGELES — Aylo, the parent company behind Pornhub.com, reached an agreement last week with the state of Utah that temporarily pauses enforcement of a law aimed at stopping people from using virtual private networks to bypass the state’s age-verification requirements. According to court filings, enforcement is now scheduled to begin Sept. 3.

The agreement follows a lawsuit Aylo filed in late April against Utah’s Division of Consumer Protection and Department of Commerce in the U.S. District Court for the District of Utah. The complaint alleges multiple constitutional violations, including claims that the state’s actions interfere with interstate and foreign commerce protections outlined in the U.S. Constitution.

The lawsuit also argues that Utah is engaging in what it describes as “unlawful state extraterritorial regulation.” Aylo Freesites Ltd. and Aylo Group Ltd. are foreign corporate entities connected to Aylo’s broader ownership structure, which is headquartered in Montreal, Québec, and ultimately controlled by Ottawa-based Ethical Capital Partners.

“This new law is unconstitutional for three independent reasons: it constitutes impermissible extraterritorial legislation, it violates the dormant Commerce Clause, and it also violates the Foreign Commerce Clause by interfering with purely international transactions involving foreign entities and foreign nationals,” attorneys for the plaintiffs argued in court filings.

Representing the plaintiffs are Annika L. Jones and Brandon S. Fuller, partner and associate at the Salt Lake City office of Snell & Wilmer LLP.

Aylo is also represented by attorneys from the Washington, D.C., office of Jenner & Block LLP, including managing partner Lindsay Harrison, partner Jessica Ring Amunson and special counsel Daniel Schwei. Attorneys for the state of Utah later reached the agreement with Aylo’s legal team to postpone enforcement of the VPN-related provisions.

Earlier this year, Utah Gov. Spencer Cox signed Senate Bill 73 into law. The measure imposes a 2 percent excise tax on adult content sold digitally within the state. Included in the legislation is a provision prohibiting users from using VPNs or similar IP-masking tools to bypass age-verification systems and content restrictions.

When Utah first enacted site-level age-verification requirements in 2023, Aylo responded by geoblocking access within the state. At the same time, VPN services remained widely available through major app marketplaces, making it relatively simple for users to circumvent geographic restrictions.

Lawmakers introduced SB 73 in part to address that issue, and the proposal moved through Utah’s Republican-controlled legislature with limited opposition.

The law states that “an individual is considered to be accessing the website from this state if the individual is actually located in the state, regardless of whether the individual is using a virtual private network, proxy server, or other means to disguise or misrepresenting the individual’s geographic location to make it appear that the individual is accessing a website from a location outside this state.” The legislation also seeks to prohibit publishing information that promotes the use of VPNs to evade age checks.

Enforcement of the VPN-related provision had been expected to begin today. Under the new agreement, however, enforcement is delayed until Sept. 3. The 2 percent excise tax is still set to take effect in October.

“[The] defendants shall not take enforcement action or otherwise seek to impose liability pursuant to [the bill] for any conduct by plaintiffs or their affiliates that occurs during the period of forbearance,” a memo filed with the court states. The filing was signed by attorneys representing Aylo as well as lawyers from the office of Utah Attorney General Derek Brown.

“During that period, Plaintiffs and their affiliates shall also not change any of their current geofencing practices in Utah,” the memo continues, effectively preserving the current status quo while the litigation proceeds.

Lawrence Walters, an attorney known for handling litigation involving the adult entertainment industry, described the agreement as a practical decision.

“The state was smart to agree to forego enforcement of this ill-considered law pending review by the courts,” Walters said.

He added, “The expectation to identify the location of users who access a website through a VPN is an impossibility. The law is extremely vulnerable to constitutional challenges, and the state could be on the hook for significant damages and attorneys’ fees, particularly if it moved forward with enforcement proceedings.”

A major argument in Aylo’s lawsuit is that SB 73 could cause irreparable damage to both its business operations and broader access to privacy-focused internet technology.

“There is no feasible way for a company like Aylo to reliably verify whether any particular individual is using a VPN, proxy server, or other location-masking technology—and therefore no way to determine whether a user who appears to be located outside Utah is, in fact, located inside Utah,” an Aylo spokesperson said.

The company also argues that Utah lacks legal standing to regulate conduct occurring beyond its borders.

“Utah is projecting its policy choices onto conduct occurring entirely outside its borders, in states and countries that have made different legislative judgments,” the spokesperson added. “It is our opinion that this new law is unconstitutional and that no single state has constitutional authority to set the terms under which a global company may operate on the global Internet.”

Adult industry attorney Corey Silverstein said the case raises broader questions extending beyond Utah alone.

“Aylo’s lawsuit underscores the growing constitutional collision between online age-verification mandates and digital privacy rights,” Silverstein said. “While lawmakers frame these laws as child-protection measures, the practical effect is forcing adults to surrender sensitive personal information to access legal content online.

“That raises serious First Amendment, cybersecurity and anonymity concerns, especially when states continue expanding these laws beyond websites and toward VPNs, app stores and broader internet access,” he added. “The courts are now being asked to decide whether governments can effectively build a digital ID checkpoint system around lawful speech.”

VPN technology continues to present challenges for regulators attempting to enforce age-verification rules in multiple jurisdictions. In Indiana, for example, state officials have sued Aylo, alleging the company violated local age-verification requirements by failing to block traffic routed through VPNs and proxy services.

Utah, having discovered the same thing noticed by literally every other jurisdiction to impose an age gate on sexually explicit content, recently ‘updated’ its age-verification mandate to penalize website operators who “facilitate or encourage” the use of a virtual private network (VPN), proxy server, or “other means to circumvent age verification requirements.”

The amended law also holds that “an individual is considered to be accessing the website from this state if the individual is actually located in the state, regardless of whether the individual is using a virtual private network, proxy server, or other means to disguise or misrepresent the individual’s geographic location to make it appear that the individual is accessing a website from a location outside this state.”

The changes to Utah’s law don’t amount to a “ban” on VPN use in the state, but the provisions related to preventing covered entities from facilitating or encouraging VPN use have a clear chilling effect – and present a legal pitfall that goes beyond simply requiring adult websites to verify a user’s age.

“By holding companies liable for verifying the age of anyone physically in Utah, even those using a VPN, the law creates a massive ‘liability trap,’” noted Rindala Alajaji, Associate Director of State Affairs for the Electronic Frontier Foundation. “Just like we argued in the case of the Wisconsin bill, if a website cannot reliably detect a VPN user’s true location and the law requires it to do so for all users in a particular state, then the legal risk could push the site to either ban all known VPN IPs, or to mandate age verification for every visitor globally. This would subject millions of users to invasive identity checks or blocks to their VPN use, regardless of where they actually live.”

And while the Utah law doesn’t go as far as one version of the Wisconsin bill would have (a bill that has been vetoed by Gov. Tony Evers), as Alajaji observed, “muzzling the websites themselves from sharing information about VPNs… raises significant First Amendment concerns, as it prevents platforms from providing basic, truthful information about a lawful privacy tool to their users.”

So, while the law doesn’t outright ban the use of a VPN or other means of circumventing an age gate or geofence, this silver lining only goes so far in blunting the law’s chilling effect on speech.

“Under a ‘don’t ask, don’t tell’ style of enforcement, websites likely only have an obligation to ask for proof of age if they actually learn that a user is physically in Utah and using a VPN,” Alajaji wrote. “If a site doesn’t know a user is in Utah, their broader obligation to police VPNs remains murky. So, while SB 73 isn’t as extreme as the discarded Wisconsin proposal, it remains a dangerous precedent.”

And, of course, it wouldn’t be a discussion of an age-verification law if someone didn’t point out the (obvious) privacy implications underlying it all. As one resident of the state put it in a recently published letter to the Salt Lake Tribune, “SB73 pushes adults toward handing over identifying information just to access legal online material. That creates real privacy risks.”

“Once identification systems are built, the information can be stored, breached, misused or demanded for other purposes later,” the letter’s author added. “Utah lawmakers may call this child protection, but it looks a lot more like another government-approved tracking system.”

Twisting the rhetorical knife a bit further, the letter adds that “Utah has a bad habit of passing laws that sound moral in a committee hearing but become a technical and constitutional mess in the real world” and “SB73 fits that pattern.”

“Protecting children matters. But turning every adult internet user into a walking ID check is not protection,” the letter concludes. “It is surveillance with a family-values bumper sticker.”

Couldn’t have said it better myself.

NICOSIA, Cyprus — Aylo announced Tuesday that Pornhub access has been restored in the United Kingdom for Apple users who complete Apple’s age-verification process through iOS devices.

The company said the change follows Apple’s rollout of device-based age verification in the U.K. through iOS 26.4.

In a statement, Aylo Vice President of Brand and Community Alex Kekesi said, “For years, Aylo has advocated for device-based age verification as the most effective and privacy-protecting approach to help prevent minors from accessing age-inappropriate content online. With the release of iOS 26.4, Apple has introduced the world’s first-ever device-based age verification solution for its users in the U.K., a major first step toward a global solution that stands to better protect children everywhere. As a result, today Aylo welcomes eligible age-confirmed U.K. iOS users back to Pornhub.”

Aylo had previously implemented age-assurance measures in the U.K. to comply with requirements under the Online Safety Act. In February 2026, however, the company began restricting access to its free video-sharing platforms in the country unless users had existing accounts, citing concerns about what it described as flaws in the law’s verification framework.

Following Apple’s March release of iOS 26.4, the company introduced account-level age verification for U.K. users. Aylo said the system represents “one of the strongest and hardest to circumvent protections currently available for helping prevent minors from accessing age-inappropriate content.”

During a press conference Tuesday, Ethical Capital Partners partner Solomon Friedman said the ownership group behind Aylo welcomed Apple’s implementation of device-based age assurance across the U.K., while Kekesi described the rollout as “a huge step.”

“We believe this is the path forward,” Kekesi said, adding that the company hopes similar systems will eventually expand to other operating systems and additional international markets.

Aylo has previously blocked access to its sites in several U.S. states with age-verification laws, along with France and Australia. Kekesi said the restoration of access in the U.K. marks the first time the company has resumed operations in a market after suspending access over verification concerns.

“This is the first time we are effectively coming back to a market because we have a solution that in our view permits us to do that in the safest way possible,” she said. “This is a really exciting day.”

Kekesi said the verification process takes place within Apple’s ecosystem, eliminating the need for users to complete additional verification steps directly on the site.

“It offers a much more seamless experience to the user,” Kekesi said.

Friedman said Aylo views that process as important because users often migrate to sites that do not comply with verification requirements when verification systems become cumbersome.

“Right now, when you Google ‘free porn’ from the U.K., half the results Google and Bing return are sites that are noncompliant,” Friedman said.

Friedman also said Apple’s system satisfies the company’s standards for effective age assurance because it does not require users to provide personal information directly to websites and is more difficult to bypass than many existing platform-based systems.

“Apple’s got it right,” Friedman said.

Ethical Capital Partners partner Sarah Bain said the restored access currently applies only to Pornhub and not to other Aylo-owned platforms including YouPorn and Redtube.

“Aylo is rolling this out in a measured way,” Bain said.

RALEIGH, N.C. — A proposal moving through the North Carolina legislature would place a new 10% tax on certain adult materials sold at brick-and-mortar stores across the state.

Filed last week by three state senators, SB 1007 would create what it calls a “harmful materials tax” on visual content considered “prurient” and harmful to minors when sold in any physical retail setting.

The bill defines those materials as “pictures, drawings, video recordings, films or other visual or physical depictions or representations, including digital or computer-generated visual depictions or representations created, adapted, or modified by technological means, such as algorithms or artificial intelligence, but not material consisting entirely of written words.”

Under the proposal, the 10% tax would apply to gross receipts from the sale of such material. The language does not distinguish between adult-only businesses and general retailers, meaning any store offering adult videos, magazines, or similar visual content that meets the definition could fall under the tax.

That definition reads: “Any material or performance that depicts sexually explicit nudity or sexual activity and that, taken as a whole, has the following characteristics: a. The average adult person applying contemporary community standards would find that the material or performance has a predominant tendency to appeal to a prurient interest of minors in sex; and b. The average adult person applying contemporary community standards would find that the depiction of sexually explicit nudity or sexual activity in the material or performance is patently offensive to prevailing standards in the adult community concerning what is suitable for minors; and c. The material or performance lacks serious literary, artistic, political, or scientific value for minors.”

North Carolina has enacted several measures related to adult content in recent years. In 2025, lawmakers overrode a gubernatorial veto to pass the Prevent Sexual Exploitation of Women and Minors Act. The law requires age and consent verification for performers beyond federal record-keeping standards under Section 2257, mandates written consent for each sexual act depicted, and requires separate consent for distribution. It also requires platforms to remove content if a performer withdraws consent at any time, regardless of prior agreements.

Elsewhere, lawmakers have pursued a range of taxes and regulatory measures affecting adult content.

Utah and Alabama have adopted excise taxes on adult sites, while proposals in Virginia and Pennsylvania would introduce similar policies. In January, the U.S. Supreme Court declined to review a lower court ruling that allowed enforcement of a 2001 zoning law aimed at limiting the locations of adult retail stores in New York City.

In Tennessee, a separate bill would require adult businesses, including stores and theaters, to post warnings stating that patrons “may be contributing” to sexual assault and human trafficking. The measure is expected to be sent to the governor.

SB 1007 has been referred to the North Carolina Senate Rules and Operations Committee.

Utah’s Senate Bill 73 will take effect May 6, adding new requirements to the state’s age verification law. Websites covered by the law will be prohibited from explaining how VPNs can be used to bypass age restrictions. They will also be responsible for enforcing age verification for users physically located in Utah, even when a user’s virtual location appears to be outside the state.

The provisions are framed as updates to Utah’s existing age verification law, but they could have broader legal and technical implications. One provision bars covered businesses from discussing VPN workarounds on their websites, a restriction that could face First Amendment challenges.

The location-enforcement provision has raised concerns among online freedom advocates. A VPN can make a user appear to be accessing a website from another state or country. Under the law, if an underage Utah resident uses a VPN to appear outside Utah and gains access to restricted material, the website could face liability.

The law leaves affected online businesses with limited options. One option would be to require age verification for all users, regardless of location, which would affect every visitor to the site and could reduce traffic or revenue.

Another option would be to attempt to block VPN traffic. That approach can be technically difficult because VPN traffic can be made to resemble ordinary web traffic. Websites often rely on blocking IP addresses associated with VPN services, but VPN providers can add new addresses.

Blocking VPN use also raises broader rights concerns. In many countries, VPN access is associated with privacy and free expression protections. Utah’s law places new pressure on websites to determine a user’s physical location in a way that may be difficult to enforce without broader restrictions on privacy tools.

So far, states have largely avoided outright VPN bans. A proposal to ban VPNs in Wisconsin failed after similar concerns were raised. Utah’s law does not impose a total VPN ban, but legal challenges to the measure and similar age verification laws are expected in the weeks and months ahead.