A contentious legislative process in the US risks pushing the country rapidly toward a fully monitored identity-gated internet. The conflict stems from two different bills, one in the Senate and one in the House of Representatives, making it quite likely that they will be combined in a tougher compromise.
At issue is the Kids Online Safety Act (KOSA), a bill designed to protect minors online. In practice, it points toward a web where gatekeepers decide who may enter apps and websites.
The stated aim of KOSA is to require large platforms to do more to protect minors from certain online risks. These include addictive features, bullying, sexual exploitation, self-harm content, drug promotion and harmful design and recommendation systems.
The version backed by the Senate includes a central requirement known as the “duty of care”. This would impose a direct obligation on platforms and expose them to liability risks. That duty is the most politically contested part of the legislation.
The KIDS Act
In a recent vote, the House of Representatives passed not only the familiar KOSA bill but also a larger package, the Kids Internet and Digital Safety Act (KIDS Act). The package brings together several proposals. Alongside KOSA, it includes COPPA 2.0, the Children’s Online Privacy Protection Act, which contains age-based restrictions on advertising and the use of data.
The House also passed provisions on data brokers, AI chatbots, gaming platforms and age checks. Unlike the Senate version, however, the House bill removed the “duty of care”.
This is exactly where the conflict with the Senate begins. Senator Richard Blumenthal, one of KOSA’s leading authors, said that KOSA without a “duty of care” is not KOSA.
Whether or not that duty is included, users would no longer be able to simply access a web service. They would first have to prove who they are, how old they are, whether they are entitled to view certain content or whether an account is linked to a real person.
These checks can be carried out by the websites or apps themselves or outsourced to trusted providers. The difference lies in who bears responsibility.
Risk of Censorship
Critics see the Senate version as creating a much greater risk of censorship and excessive moderation. The House version, by contrast, is aimed much more strongly at identity collection and surveillance.
The real danger lies in a compromise between the Senate and the House that combines both approaches. Platforms would then face a “duty of care” as well as an obligation to carry out proper age and identity checks. That is precisely the path toward an identity-gated internet.
Even if a website does not see a user’s identity itself, a verification process still arises somewhere in the chain. Someone then knows that a particular user carried out a check to gain a specific kind of access.

This does not mean that users would deposit direct proof of identity with every website or app. Depending on the method used, they may instead authorize themselves through digital wallets, bank details, phone numbers, facial scans, state eID systems, Google or Apple accounts, age-estimation services or third-party providers confirming a minimum age.
This is the surveillance aspect of the House legislation.
Always a Gatekeeper
Whatever method is used, there is always a point at which the user’s full identity can be established. This gatekeeper can grant or deny access to the site in a verifiable way. At precisely this point, it becomes visible who accessed which website and when.
Combining that information with activity on the site itself would ultimately be a small matter for any police or intelligence agency. The internet would shift away from anonymous or pseudonymous use toward verified, controlled and ultimately state-monitored access.
In the context of KOSA, supporters often argue that the bill does not explicitly require all users to identify themselves. But if platforms must protect children in particular, separate age groups and avoid liability risks, they will in practice be pushed into checking the age of all users and documenting the result.
Since minors can only be identified if adults are checked as well, age verification ultimately affects everyone. The result would be an internet in which legal content is no longer freely accessible, but sits behind identity or age gates. That is what is meant by an identity-gated internet.
Everyone Gets Checked
The core problem with the legislation is not child protection itself, but the technical logic behind it. To protect minors, platforms must know, or at least reliably estimate, who is underage.
This creates de facto pressure to combine age verification, identity checks, behavioral analysis and biometric age estimation. The law does not explicitly mandate surveillance. But its structure is such that companies may introduce full-scale monitoring pre-emptively out of fear of liability.
If access to legal content is tied to age or identity checks, the consequences affect not only children but adults as well. Anonymous or pseudonymous use of platforms becomes more difficult or impossible.
The result would be that anyone who wants to be active online in any meaningful way would have to leave a traceable identity behind. Critics fear the emergence of the transparent internet user.
If the Senate version is added to this structure, that system of control would be reinforced by a “duty of care” requiring platforms to exercise “reasonable care” to protect minors from certain harms.
The incentive for overcautious moderation and the removal of content that is, in principle, legally protected would be obvious. The result is the familiar problem of overblocking and a censorship risk built into the Senate draft.