Capstone expects regulators to take an increasingly multifaceted approach to curbing harmful activity on platforms operated by Alphabet Inc.’s Google, Meta Platforms Inc., Apple Inc., and Roblox Corp. Age verification requirements, children’s safety litigation, and evolving content liability standards create near-term headwinds, though First Amendment considerations may limit their reach. We also expect antitrust actions—particularly targeting app store practices—to continue.
Outlook at a Glance
- 2026 Will Bring Clearer App-Store Fee Structures on Both Sides of the Atlantic; Apple and Google Will Benefit from Resolving US Litigation, but Face Mild Headwinds in the EU
- Growth in Child Safety Litigation Will Drive User Loss on Youth-Heavy Platforms in Advance of Age Verification Laws
- State Enforcement of Age Verification Laws Remains Uneven Due to Varying Definitions and Court Challenges, While a Weakened Federal Kids Online Safety Act Gains Steam
2026 Will Bring Clearer App-Store Fee Structures on Both Sides of the Atlantic; Apple and Google Will Benefit from Resolving US Litigation, but Face Mild Headwinds in the EU
| Winners | Apple Inc. (AAPL), Alphabet Inc. (GOOGL), Large app developers |
| Losers | Smaller app-developers, Spotify (SPOT), Match Group Inc (MTCH), Netflix Inc (NFLX) |
Capstone expects 2026 to be a pivotal year as litigation in the US regarding app-store payments in Epic v. Apple and Epic v. Google is resolved. We believe outcomes driven by private lawsuits, rather than rulemaking or legislation, will be incrementally better for Apple and Google, though also a material improvement for developers relative to the pre-2020 baseline before the lawsuits were filed. We expect Apple and Google to avoid the worst-case outcomes, with Apple likely to avoid a prolonged zero-commission regime and Google well-positioned to secure terms more favorable than those contemplated in the original injunction.
In the EU, Capstone expects the European Commission to approve Apple’s and Google’s revised fee structures, changes that would lower developer fees and resolve the current investigations under the Digital Markets Act (DMA).
Epic v. Apple
We believe the Ninth Circuit Court of Appeals appeared open to reversing a contempt order issued by Judge Yvonne Gonzalez Rogers of the Northern District of California and sending the case back to district court, where we anticipate the approval of a negotiated commission structure rather than the current zero-commission rule for out-of-app purchases. At an October hearing, Apple asserted its right to charge “reasonable fees” for access to its ecosystem and argued that the contempt order exceeded the scope of the original 2021 injunction, which did not prohibit commissions on external purchases.
The removal of a zero-commission remedy would be positive for Apple and a headwind for developers relative to the post-May 2025 environment, when the contempt order took effect. It has prompted major platforms, including Spotify Technology SA (SPOT), Netflix Inc. (NFLX), Amazon.com, Inc. (AMZN), and Match Group Inc. (MTCH), to expand alternative billing. Spotify highlighted the benefits during its July earnings call, while Match noted that “both Apple and Google combined are our single largest cost- $700 million a year we spend on fees.”
Epic v. Google
We expect District Court Judge James Donato of the Northern District of California to approve the parties’ proposed settlement next year, which was submitted in early November. He expressed skepticism during the status conference, saying that he wants to examine the broad implications of the settlement beyond the preferences of the parties. Cases of this type are typically resolved based on “public-interest” considerations. The parties can emphasize the global scope of remedies, the longer duration of the settlement (seven years versus three), and the immediate implementation timeline. Rejecting the agreement also risks US Supreme Court intervention, as Google’s cert petition remains active.
The settlement is more favorable for Google than the existing injunction, and more positive for large developers than small ones. It allows Google to retain commissions on out-of-app transactions and scales back several remedies that developers, particularly smaller ones, had received under the original injunction. For example, developers must be shown side-by-side billing options, but Google is not required to provide catalog app access. While third-party app stores will not pay commissions, developers using alternative billing systems will still face fees up to 20% (and 25% for alternatives that mirror Play Billing). This narrow 5-percentage-point difference relative to in-app purchases limits the incentive for developers to adopt alternative billing.
European Commission Investigations
We expect the European Commission to approve the changes that Apple and Google have proposed to their app store fee structures in early to mid-2026. The Commission may seek additional concessions, but we do not expect it to fundamentally redesign pricing frameworks, particularly against the backdrop of heightened US–EU trade tension and political pressure from a protectionist US administration. The changes we expect would benefit developers in the EU. Apple has proposed capping commissions at 17% for external purchases, while Google’s proposed cap is roughly 13%. Both frameworks would reduce friction in out-of-app payment flows and support greater viability for third-party app stores and out-of-app purchases.
Growth in Child Safety Litigation Will Drive User Loss on Youth-Heavy Platforms in Advance of Age Verification Laws
| Winners | Meta Platforms Inc. (META) |
| Losers | Roblox Corp. (RBLX), Alphabet Inc. (GOOGL), ByteDance Ltd.’s TikTok |
Capstone believes that platforms such as TikTok, Roblox, and Meta Platforms Inc. will continue to face lawsuits alleging harm to minors in 2026, creating company-specific pressures distinct from pending legislative mandates. Companies facing such litigation must choose between implementing stricter age-gating measures, which could significantly impact revenue for platforms with large youth user bases, and bearing costly legal risks.
For example, Roblox, an online game platform with users who are largely under 18 years old, faces a slew of lawsuits brought by states (such as Kentucky, Louisiana, and Texas) and private parties for allegedly exposing children to explicit content and facilitating exploitation.
In response to this scrutiny, Roblox announced that beginning in January, it will require facial age checks for access to its chat features globally, using artificial intelligence (AI) to categorize users into age groups. While this addresses some safety concerns, messaging is only one of the platform’s interactive functions, so this measure is unlikely to eliminate the risk of additional litigation. News reports also indicate that minors have been able to use AI to bypass these protections. Capstone believes that these lawsuits will continue to accumulate against online platforms in 2026.
Youth-Focused Platforms
Capstone believes platforms with high percentages of child users will lose the biggest share of their users from age gating, while the headwinds for companies geared towards adults will be comparatively modest. As we previously calculated, approximately 1.7% and 2% of users on Meta’s Facebook and Instagram platforms, respectively, are under 13. The risks are much greater for Roblox, nearly 40% of whose users are under 13 (though the percentage may be even higher, as many children claim to be older).
Child safety lawsuits and resulting changes to age-gating infrastructure are likely to disproportionately disadvantage companies that appeal to children. Furthermore, while the majority of Meta’s revenue comes from advertising, Roblox’s primary revenue source is sales of its virtual currency, ‘Robux,’ making user activity vital to its bottom line.
The implementation of age-gating methods will likely make platforms less accessible for users, therefore decreasing their overall user count. In addition to users under 18, we expect many adult users to stop using platforms as a result of new measures that require them to enter personal data (such as government IDs) to use platform features.
State Enforcement of Age Verification Laws Remains Uneven Due to Varying Definitions and Court Challenges, While a Weakened Federal Kids Online Safety Act Gains Steam
| Winners | N/A |
| Losers | Meta Platforms Inc. (META), Snap Inc. (SNAP), Alphabet Inc. (GOOGL), Apple Inc. (AAPL), Roblox Corp. (RBLX), |
Capstone believes that while states have implemented age verification mandates to strengthen protections for children online, the lack of uniformity across jurisdictions dilutes their impact. Online platforms face a patchwork of conflicting requirements, with variations in state laws and pending federal bills providing differing standards and mandates that make it difficult for companies to address the issue. Additionally, First Amendment challenges to state age verification laws have succeeded in blocking many of them, allowing companies to continue using existing practices.
First Amendment Challenges
In the absence of federal action, many states have attempted to pass laws to protect children online, often through strict age verification mandates. These provisions require platforms to implement “commercially available” methods to determine the identity and age of users, likely through the collection of sensitive personal data. Capstone previously calculated that a national age verification framework would threaten up to 18% of revenue for platforms like Meta’s Facebook and Instagram and Snap Inc.’s Snapchat.
However, state and federal lawmakers have struggled to craft legislation to strengthen protections for children online without running into First Amendment concerns. Several states, including Arkansas, Utah, Texas, Mississippi, and California, which have passed laws requiring social media companies to verify users’ ages have faced court challenges brought by industry groups such as NetChoice and the Chamber of Progress.
These challenges have centered on age verification mandates and content restrictions. While courts have upheld several laws, concerns about these provisions remain. While the US Supreme Court denied NetChoice’s request to temporarily block Mississippi’s Walker Montgomery Protecting Children Online Act (HB 1126), a 2024 statute imposing age verification requirements, Justice Brett Kavanaugh said in a concurring opinion in that decision that the statute would “likely violate its members’ First Amendment rights”.
While these decisions add to the momentum to pass federal and state children’s privacy legislation, questions remain about whether age verification provisions are constitutional. We expect state-level age verification laws to spread, but to also face challenges that will delay implementation and mitigate worst-case scenarios for platforms.
Definition of “Covered Entities”
Online safety laws vary in how they define “covered entities.” While some state and federal children’s privacy laws tailor provisions to “social media platforms,” others adopt broader terms, such as “online platforms” or “digital services.” California’s Age-Appropriate Design Code applies to online services “likely to be accessed by children,” including streaming services and online gaming platforms. By contrast, Utah’s Social Media Regulation Act (HB 464) limits its coverage to social media companies.
These differing approaches create a legal grey area for companies that fall within the scope of some states’ laws but not others. These platforms face competing risks: the cost of over-compliance or the legal risks of under-compliance. For example, Alphabet’s YouTube could be classified differently across jurisdictions: some children’s privacy statutes may treat YouTube as a streaming platform, while others categorize it as social media. Similarly, Roblox, while typically defined as an online game platform, also has social media and messaging features. Social media companies like Meta and Snap are subject to most online safety laws.
Notably, multiple states have shifted liability from social media companies to app stores by requiring app stores to administer and enforce age restrictions before allowing downloads. Adult-content websites have alternatively urged tech platforms and lawmakers to enforce device-based age verification. Capstone believes these approaches could bypass First Amendment challenges by targeting access rather than content.
Federal Children’s Privacy Legislation
We continue to believe Congress will pass online safety legislation for children, such as the Kids Online Safety Act (KOSA) or the Kids Off Social Media Act (KOSMA), by the end of this year. However, we do not expect it to include an age verification mandate, given how courts have ruled in First Amendment challenges. We expect Congress to continue viewing online privacy legislation as a precondition to AI regulation, providing additional momentum for legislation like KOSA, KOSMA, and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0.).
On December 2nd, the House Energy and Commerce Committee discussed a 19-bill package aimed at protecting children online, centered around a pared-down version of KOSA. The newest House version of KOSA, however, excludes its “duty of care” provision, which gives platforms a legal obligation to take “reasonable steps” to protect minors from harmful content on their services and age verification measures to avoid constitutional challenges.
The 19 bills are also packaged with AI-related safety measures, such as limitations for chatbots, algorithmic recommendations, and deepfakes, which will likely help foster support for action on children’s privacy. Regulators have indicated, and Capstone has reported, that legislative or regulatory action in the AI space is contingent upon movement towards protecting kids’ privacy online, so bundling these issues could advance both agendas simultaneously. However, the most material provisions, namely age verification and duty of care, are unlikely to be enacted, avoiding a worst-case scenario for social media companies and other online platforms.
