{ "legislationId": "119_S_4159", "lastUpdate": "2026-03-28T12:22:45.461Z", "history": [ { "timestamp": "2026-03-28T12:22:45.461Z", "source_url": "https://www.congress.gov/119/bills/s4159/BILLS-119s4159is.htm", "model": "gemini-flash-lite-latest", "prompt_sent": "\nROLE: Fact Checker.\nZADANIE: Porównaj SOURCE (oryginał) i SUMMARY (streszczenie przygotowane przez inne AI).\n\nTwoim celem jest wykrycie \"ZMYŚLONYCH KONKRETÓW\" (Fabricated Entities) w SUMMARY.\n\nSOURCE:\n[Congressional Bills 119th Congress] [From the U.S. Government Publishing Office] [S. 4159 Introduced in Senate (IS)] 119th CONGRESS 2d Session S. 4159 To require large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces, through which a child or a parent may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on the large social media platform in the same manner as is available to the child, and for other purposes. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES March 20, 2026 Mr. Husted (for himself, Mrs. Britt, and Mr. Warner) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation _______________________________________________________________________ A BILL To require large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces, through which a child or a parent may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on the large social media platform in the same manner as is available to the child, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as ``Sammy's Law''. SEC. 2. DEFINITIONS. In this Act: (1) Child.--The term ``child'' means any individual who-- (A) has not attained 17 years of age; and (B) has registered an account with a large social media platform. (2) Commerce.--The term ``commerce'' has the meaning given such term in section 4 of the Federal Trade Commission Act (15 U.S.C. 44). (3) Commission.--The term ``Commission'' means the Federal Trade Commission. (4) Covered nation.--The term ``covered nation'' has the meaning given such term in section 4872(f) of title 10, United States Code. (5) Large social media platform.--The term ``large social media platform''-- (A) means a service-- (i) provided through an internet website or a mobile application; (ii) the terms of service of which do not prohibit the use of the service by a child; (iii) with any feature that enables a child to share images, text, or video through the internet with other users of the service whom such child has met, identified, or become aware of solely through the use of the service; and (iv) that has more than 100,000,000 monthly global active users or generates more than $1,000,000,000 in gross revenue per year, adjusted yearly for inflation; and (B) does not include-- (i) a service that primarily serves-- (I) to facilitate-- (aa) the sale or provision of a professional service; or (bb) the sale of a commercial product; or (II) to provide news or information in a manner in which a user of the service may not send any content directly to a child through such service; or (ii) a service that-- (I) has a feature that enables a user who communicates directly with a child through a message (including images, text, audio, or video messages) to add to such message other users that such child may have met, identified, or become aware of solely through the use of the service; and (II) does not have any feature described in subparagraph (A)(iii). (6) Large social media platform provider.--The term ``large social media platform provider'' means any person who, for commercial purposes in or affecting commerce, provides, manages, operates, owns, or controls a large social media platform. (7) Parent.--The term ``parent'' means, with respect to a child, the parent or legal guardian of such child. (8) Sale.--The term ``sale'', with respect to user data-- (A) means the exchange of user data for monetary consideration; and (B) does not include the disclosure of user data by a third-party safety software provider to a processor or service provider that processes user data on behalf of the third-party safety software provider. (9) State.--The term ``State'' means each of the 50 States, the District of Columbia, each commonwealth, territory, or possession of the United States, and each federally recognized Indian Tribe. (10) Third-party safety software provider.--The term ``third-party safety software provider'' means any person who, for commercial purposes in or affecting commerce-- (A) is authorized to interact with a relevant large social media platform to manage the online interactions, content, or account settings of a child for the sole purpose of protecting the child from harm, including physical or emotional harm; and (B) has received such authorization from the child, or in the case of a child who has not attained 13 years of age, the parent of such child. (11) User data.--The term ``user data'' means any information reasonably necessary for a user to have a profile or submit content on a large social media platform (including any image, text, audio, or video) that is created by or sent to a child through the account of the child on such platform, but only-- (A) if the information or content is created by or sent to the child while a delegation under section 3(a)(1)(A) is in effect with respect to the account; and (B) during a 30-day period beginning on the date on which the information or content is created by or sent to such child. SEC. 3. PROVIDING ACCESS TO THIRD-PARTY SAFETY SOFTWARE PROVIDERS. (a) Obligations of Large Social Media Platform Providers.-- (1) Availability of application programming interfaces.-- (A) In general.--Not later than the date described in subparagraph (B), a large social media platform provider shall create, maintain, and make available to a third-party safety software provider registered with the Commission under subsection (b)(3) a set of third- party-accessible real-time application programming interfaces, including any information necessary to use such interfaces, by which a child (or, in the case of a child who has not attained 13 years of age, a parent of the child) may delegate permission to the third-party safety software provider to-- (i) manage any online interaction with or content created by or sent to the child, as well as the account settings of the child on the large social media platform in the same manner as is available to the child; and (ii) initiate a secure transfer of user data from the large social media platform in a commonly used and machine-readable format to the third-party safety software provider, where the frequency of such transfers may not be limited by the large social media platform provider to less than once per hour. (B) Date described.--For purposes of subparagraph (A), the date described in this subparagraph is-- (i) in the case of a service that is a large social media platform on the date of enactment of this Act, 180 days after such date; or (ii) in the case of a service that becomes a large social media platform after such date of enactment, not later than 30 days after the date on which such service becomes a large social media platform. (2) Revocation.--Once a child or parent makes a delegation under paragraph (1)(A), the large social media platform provider shall make the application programming interfaces and information described in such paragraph available to the relevant third-party safety software provider on an ongoing basis until-- (A) the child or a parent, as applicable, revokes the delegation; (B) the child or a parent, as applicable, revokes or disables the registration of the account of such child with the large social media platform; (C) the third-party safety software provider-- (i) rejects the delegation; (ii) receives notice that-- (I) the parent of such child who made the delegation no longer has legal parental rights over such child; or (II) a temporary arrangement has been put in place by a court or legal authority regarding the custody of such child; or (iii) is deregistered by the Commission; or (D) the child attains the age of 17 years old. (3) Data security.-- (A) In general.--A large social media platform provider shall establish, implement, and maintain reasonable policies, practices, and procedures to protect-- (i) the confidentiality, integrity, and accessibility of user data transferred from the large social media platform provider to a third-party safety software provider pursuant to a delegation under paragraph (1)(A); and (ii) any such user data against unauthorized access. (B) Scope.--The policies, practices, and procedures required by subparagraph (A) shall be-- (i) consistent with state-of-the-art administrative, technical, and physical safeguards for protecting transferred user data; and (ii) appropriate to the nature, scope, and volume of such user data. (4) Disclosure.--In the case of a delegation made by a child or a parent, as applicable, under paragraph (1)(A), with respect to the account of such child with a large social media platform, the large social media platform provider shall-- (A) disclose to such child or parent, as applicable, such delegation; (B) provide to such child or parent, as applicable, a summary of any user data transferred to a third-party safety software provider; and (C) update such summary as necessary to reflect any change to such user data. (5) Limitation.--Any management by a third-party safety software provider pursuant to paragraph (1)(A)(i) shall be limited to such management that protects a child from harm, including any such management related to the optimization of any privacy setting on an account of the child, stated user age, and marketing settings for the account. (6) User control.-- (A) In general.--If a large social media platform uses a messaging feature or service that provides security features that give a user control over access to the content of any communication of the user in a manner that renders the access of the large social media platform to such content technically infeasible without overriding such control, then the following shall apply: (i) The large social media platform may not be required to grant a third-party safety software provider access to such content through a set of third-party-accessible real- time application programming interfaces under paragraph (1)(A). (ii) The large social media platform, upon a delegation under paragraph (1)(A), shall-- (I) make available and maintain a technical interface that enables contemporaneous transmission of such communication to a third-party safety software provider-- (aa) registered under subsection (b)(3); and (bb) selected by the child or parent, as applicable, as a user-designated recipient; (II) maintain such security features without altering, bypassing, or overriding such features; (III) permit the communicating users (and any user-designated recipient) to access the content through such interface; and (IV) not gain access to the content of such communication. (B) Rule of construction.--Nothing in this paragraph may be construed to limit the obligations of a large social media platform under this Act with respect to user data other than the content of communications described in this paragraph. (b) Third-Party Safety Software Providers.-- (1) Protection of user data.--A third-party safety software provider shall-- (A) limit any collection, maintenance, and processing of user data the third-party safety software provider obtains pursuant to this Act to what is adequate, relevant, and reasonably necessary for the purposes for which the user data is collected, maintained, or processed, or disclosed to a parent under subsection (d)(1)(C); (B) establish, implement, and maintain reasonable policies, practices, and procedures (that are consistent with state-of-the-art administrative, technical, and physical safeguards related to protecting transferred user data and appropriate to the nature, scope, and volume of such user data) to protect-- (i) the confidentiality, integrity, and accessibility of the user data received from a large social media platform pursuant to this Act; and (ii) the user data received from a large social media platform pursuant to this Act against unauthorized access; and (C) upon any revocation described in subsection (a)(2), delete the user data of the child within 5 days. (2) Prohibition on sale.--A third-party safety software provider may not sell any user data collected, maintained, or processed pursuant to this Act. (3) Registration with the commission.--A third-party safety software provider shall register with the Commission as a condition of accessing an application programming interface and any information under subsection (a). In order to complete such registration, the third-party safety software provider shall demonstrate the following to the satisfaction of the Commission: (A) The third-party safety software provider is not operated, directly or indirectly (including through a parent company, subsidiary, or affiliate), by a company operated or controlled by a covered nation. (B) Such software provider will collect, process, maintain, or otherwise use any user data obtained under subsection (a) for the sole purpose of protecting a child from harm in accordance with any applicable terms of service and the provisions of this Act. (C) Such software provider will only disclose user data obtained under subsection (a) as permitted by subsection (d). (D) Such software provider will not sell, disclose, process, store, transfer, or otherwise make available user data obtained under this Act to a government of a covered nation or to a company operated or controlled by a covered nation. (E)(i) Such software provider will delete any user data obtained under this Act as soon as possible-- (I) but not later than 5 days after receiving such data from a large social media platform; and (II) not including any data the software provider discloses under subsection (d). (ii) For any data disclosed under subsection (d)(1)(C), such software provider will maintain such data until-- (I) the child or parent who made a delegation under subsection (a)(1)(A), and whose data is at issue, requests that the third-party safety software provider delete such data; (II) the child attains 17 years of age; or (III) the third-party safety software provider is deregistered by the Commission. (iii) In the event that the child or parent who made a delegation under subsection (a)(1)(A) revokes the delegation, such software provider will delete all applicable user data not later than 15 days after the date of such revocation. (F) Such software provider will disclose, in an easy-to-understand, human-readable format, to each child with respect to whose account with a large social media platform the service of the third-party safety software provider is operating and (if a parent made the delegation under subsection (a)(1)(A) with respect to the account) to the parent, sufficient information detailing the operation of the service and what information the software provider is collecting to enable such child or parent, as applicable, to make informed decisions regarding the use of the service. (G) Such software provider will disclose, in an easy-to-understand format to each child or parent who made a delegation under subsection (a)(1)(A) notice of any material changes in how the third-party safety software provider provides services. (H) Such software provider is able to provide services in accordance with any applicable terms of service and any relevant disclosures made to any consumer, including by ensuring such terms and disclosures are clear and conspicuous and are written in plain and easy-to-understand English. (I) Such software provider has established, implemented, and maintained reasonable policies, practices, and procedures to protect the confidentiality, integrity, and accessibility of any user data collected or processed pursuant to this Act and that the policies, practices, and procedures are appropriate to ensure a level of security appropriate to the risk to such user data, the cost of implementing such policies, practices, and procedures, and the nature, scope, and volume of such user data. (J) Such software provider assesses compliance with applicable Federal law, including the requirements of this Act. (K) Such software provider is in compliance with the requirements of this Act. (4) Annual audit.-- (A) Audit process; audit report.--For each year or partial year during which a third-party safety software provider is registered with the Commission under paragraph (3), the third-party safety software provider shall retain the services of a qualified independent auditing firm to complete an annual audit and write an audit report (which shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code) that includes-- (i) a review and assessment of such registration and any subsequent written reports, including whether the third-party safety software provider has remained in compliance with the conditions described in paragraph (3); and (ii) an identification of whether the third-party safety software provider has made any material changes in how the third-party safety software provider provides services, and in the event of any such material changes-- (I) an explanation as to how such changes have impacted users; and (II) any information relating to whether such users were notified of the material change at the time the material change was implemented. (B) Submission to the commission.--Not later than 30 days after the date on which an audit report is written under subparagraph (A), a third-party safety software provider shall submit to the Commission-- (i) a full copy of such audit report; and (ii) a summary of such audit report that may contain redactions to protect the confidential business information and trade secrets of the third-party safety software provider. (C) Audit review by the commission.--The Commission shall-- (i) review each audit report submitted by a third-party safety software provider under subparagraph (B)(i) to verify compliance with the requirements of this Act; (ii) make a copy of the summary of such audit report submitted under subparagraph (B)(ii) available to the public; and (iii) in the event an audit required under subparagraph (A) detects an unusual finding, and prior to any adverse action taken by the Commission under paragraph (5), direct a third- party safety software provider to promptly investigate and resolve the matter. (5) Additional oversight of third-party safety software providers.--In addition to the jurisdiction, powers, and duties of the Commission otherwise provided under this Act and any other provision of law, the Commission may take an adverse action against a third-party safety software provider, including by-- (A) denying registration of the third-party safety software provider under paragraph (3); (B) permanently deregistering the third-party safety software provider; and (C) suspending the registration of the third-party safety software provider due to a finding by the Commission of a material risk to the security of the data or safety of the public, including for-- (i) willful misconduct or gross negligence by the third-party safety software provider; (ii) a material misrepresentation made by a third-party safety software provider to the Commission or to any consumer; (iii) failure by the third-party safety software provider to comply with any requirements of this Act or failure to operate in accordance with the affirmations, assertions, representations, or terms of any security review, audit, terms of services, or consumer disclosures; or (iv) failure by the third-party safety software provider to respond to an unusual finding in an annual audit completed under paragraph (4). (6) Rights of third-party safety software providers.-- (A) In general.--In the event the Commission takes an adverse action against a third-party safety software provider under paragraph (5), the Commission shall give the third-party safety software provider the opportunity to-- (i) appeal such adverse action; and (ii) remediate any deficiency described in an annual audit completed under paragraph (4) within 45 days (if the third-party safety software provider demonstrates the third-party safety software provider has remediated any such deficiency and has taken satisfactory action to ensure such deficiency shall not reoccur), except in the case of a finding of-- (I) willful misconduct; (II) gross negligence; or (III) a demonstrated history of multiple failures in relation to the types of material risk described in paragraph (5)(C). (B) Exception.--The rights described in subparagraph (A) shall not prevent the Commission from suspending the registration of a third-party safety software provider to protect the public from ongoing material risk for the period during which the third- party safety software provider is in the process of exercising such rights. (c) Indemnification.--In any civil action in Federal or State court (other than an action brought by the Commission), a large social media platform provider may not be held liable for damages arising from transferring user data to a third-party safety software provider under subsection (a) if the large social media platform provider has complied with the requirements of this Act in good faith. (d) User Data Disclosure.-- (1) Permitted disclosures.--A third-party safety software provider may not disclose any user data obtained under subsection (a) to any other person, except-- (A) pursuant to a lawful request from a government body, including for law enforcement purposes or for judicial or administrative proceedings, by means of a court order or a court-ordered warrant, a subpoena or summons issued by a judicial officer, or a grand jury subpoena; (B) to the extent that such disclosure is required by law and such disclosure complies with and is limited to the relevant requirements of such law; (C) to a child who made a delegation under subsection (a)(1)(A) and whose data is at issue, the parent of such child, or to a parent who made such a delegation and whose child's data is at issue, with such third-party safety software provider making a good faith effort to ensure that such disclosure includes only the user data necessary for a reasonable parent to understand that such child is experiencing (or is at foreseeable risk to experience)-- (i) suicide; (ii) anxiety; (iii) depression; (iv) an eating disorder; (v) violence, including being the victim of or planning to commit or facilitate assault; (vi) substance abuse; (vii) fraud; (viii) severe forms of trafficking in persons (as defined in section 103 of the Trafficking Victims Protection Act of 2000 (22 U.S.C. 7102)); (ix) sexual abuse; (x) physical injury; (xi) harassment; (xii) sexually explicit conduct or child pornography (as such terms are defined in section 2256 of title 18, United States Code); (xiii) terrorism (as defined in section 140(d) of the Foreign Relations Authorization Act, Fiscal Years 1988 and 1989 (22 U.S.C. 2656f(d))), including communications with or in support of a foreign terrorist organization (as designated by the Secretary of State under section 219(a) of the Immigration and Nationality Act (8 U.S.C. 1189(a))); or (xiv) the sharing of personal information, limited to-- (I) home address; (II) phone number; (III) social security number; and (IV) personal banking information; (D) in the case of a good faith determination that disclosure is necessary to prevent or lessen a reasonably foreseeable serious and imminent threat to the health or safety of any individual, if the disclosure is made to a person reasonably able to prevent or lessen the threat; or (E) to a public health authority or other appropriate government authority authorized by law to receive reports of child abuse or neglect. (2) Disclosure reporting.--A third-party safety software provider that makes a disclosure permitted by subparagraphs (A), (B), (D), or (E) of paragraph (1) shall promptly inform the child or parent who made a delegation under subsection (a)(1)(A) that such a disclosure has been or will be made, except if the third-party safety software provider-- (A) in the exercise of professional judgment, determines informing such child or parent would place such child at risk of serious harm; or (B) is prohibited by law (including through a valid order by a court or administrative body) from informing such child or parent. (3) Child exploitation.--Nothing in this Act shall be construed to relieve a third-party safety software provider or a large social media platform from their duty to report pursuant to section 2258A of title 18, United States Code. SEC. 4. IMPLEMENTATION AND ENFORCEMENT. (a) Enforcement.-- (1) Unfair or deceptive acts or practices.--A violation of this Act shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)). (2) Powers of the commission.-- (A) In general.--The Commission shall enforce this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act. (B) Privileges and immunities.--Any person who violates this Act shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act (15 U.S.C. 41 et seq.). (3) Preservation of authority.--Nothing in this Act may be construed to limit the authority of the Commission under any other provision of law. (b) Compliance Assessment.--The Commission, on a biannual basis, shall assess compliance by large social media platform providers with the provisions of this Act. (c) Complaints.--Not later than 180 days after the date of enactment of this Act, the Commission shall establish procedures under which a child (or the parent of such child), a large social media platform provider, or a third-party safety software provider may file a complaint alleging that a large social media platform provider or a third-party safety software provider has violated this Act. SEC. 5. ONE NATIONAL STANDARD. (a) In General.--No State or political subdivision of a State may maintain, enforce, prescribe, or continue in effect any law, rule, regulation, requirement, standard, or other provision having the force and effect of law of the State, or political subdivision of a State, related to requiring large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces for the purposes of child online safety, through which a child or a parent of a child may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on a large social media platform in the same manner as is available to the child. (b) Rule of Construction.--This section may not be construed to-- (1) limit the enforcement of any consumer protection law of general applicability of a State or political subdivision of a State; (2) preempt the applicability of State trespass, contract, or tort law; or (3) preempt the applicability of any State law to the extent that the law relates to acts of fraud, unauthorized access to personal information, or notification of unauthorized access to personal information. \n\nSUMMARY TO EVALUATE:\nTitle: Sammy’s Law: Empowering Parents and Kids with Social Media Safety Tools\nSummary: This bill requires large social media platforms to allow third-party safety apps to help protect children online. Parents and minors can use these tools to monitor content, manage interactions, and adjust privacy settings to prevent harm.\nKey Points: Platforms with over 100 million users must provide technical access (APIs) to approved safety software., Minors under 17 and parents of children under 13 can delegate account management to safety apps., Safety software providers are strictly prohibited from selling user data and must register with the FTC., The goal is to identify and prevent risks like cyberbullying, self-harm, substance abuse, and online exploitation.\n\nZASADY OCENY:\n1. Sprawdź wszystkie LICZBY, DATY i KWOTY w SUMMARY. Jeśli którejś brakuje w SOURCE -> is_valid: false.\n2. Sprawdź wszystkie NAZWISKA, ORGANIZACJE i MIEJSCA w SUMMARY. Jeśli którejś brakuje w SOURCE -> is_valid: false.\n3. Sprawdź wszystkie konkretne DZIAŁANIA PRAWNE . Jeśli tego mechanizmu nie ma w SOURCE -> is_valid: false.\n\nWAŻNE: Abstrakcyjne pojęcia (np. \"transparentność\", \"zaufanie\") są dozwolone jako wnioski.\n\nOUTPUT (JSON):\n{\n \"is_valid\": true/false,\n \"issue\": \"fabricated_entity\" / \"contradiction\" / \"none\"\n}\n\nWYMAGANIA FORMATOWANIA:\n1. Odpowiedz WYŁĄCZNIE surowym obiektem JSON.\n2. NIE używaj bloków kodu Markdown.\n3. NIE dodawaj żadnych wstępów ani wyjaśnień przed ani po JSONie.\n4. JSON musi być poprawny i gotowy do parsowania.\n\n", "ai_response_raw": "{\n \"is_valid\": true,\n \"issue\": \"none\"\n}" }, { "timestamp": "2026-03-28T12:17:39.478Z", "source_url": "https://www.congress.gov/119/bills/s4159/BILLS-119s4159is.htm", "model": "gemini-flash-latest", "prompt_sent": "\nJesteś ekspertem od prawa Stanów Zjednoczonych, który ma za zadanie analizować dokumenty ustaw, uchwał oraz innych dokumentów legislacyjnych, a następnie przygotowywać z nich informacje w przystępny sposób dla obywateli. Twoim celem jest przedstawienie informacji tak, aby obywatele mogli sami ocenić wpływ legislacji na ich życie, nawet bez posiadania specjalistycznej wiedzy legislacyjnej. Skup się na faktach i obiektywnych skutkach wprowadzanych zmian, unikając wartościowania i osobistych opinii. Wszelki żargon prawny jest zabroniony. Prezentuj informacje w jasny, zwięzły i angażujący sposób, tak aby były zrozumiałe dla osoby bez wykształcenia prawniczego. Unikaj długich, złożonych zdań. Zamiast pisać \"projekt ma na celu nowelizację kodeksu podatkowego...\", napisz \"Zmiany w podatkach: nowe ulgi i obowiązki dla...\". Kontynuuj swoją pracę, dopóki nie rozwiążesz swojego zadania. Jeśli nie masz pewności co do generowanej treści, przeanalizuj dokument ponownie – nie zgaduj. Rozplanuj dobrze swoje zadanie przed przystąpieniem do niego. W podsumowaniu i kluczowych punktach, jeśli to możliwe i uzasadnione, podkreśl, jakie konkretne korzyści lub skutki (pozytywne lub negatywne) wprowadza ustawa dla życia codziennego obywateli, ich praw i obowiązków, finansów osobistych, bezpieczeństwa i innych ważnych kwestii (np. kategorycznych zakazów i nakazów czy najważniejszych konkretnych alokacji finansowych i terytorialnych).\n\nTwoja odpowiedź MUSI być w formacie JSON - i zawierać następujące klucze.\nZanim zwrócisz odpowiedź, dokładnie zweryfikuj, czy cała struktura JSON jest w 100% poprawna, włącznie ze wszystkimi przecinkami, nawiasami klamrowymi, kwadratowymi oraz cudzysłowami. Błędny JSON jest nieakceptowalny i uniemożliwi przetworzenie Twojej pracy.\n\nPrzeanalizuj dokładnie poniższy tekst dokumentu prawnego. To jest treść, na podstawie której masz wygenerować podsumowanie i kluczowe punkty:\n--- POCZĄTEK DOKUMENTU ---\n[Congressional Bills 119th Congress] [From the U.S. Government Publishing Office] [S. 4159 Introduced in Senate (IS)] 119th CONGRESS 2d Session S. 4159 To require large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces, through which a child or a parent may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on the large social media platform in the same manner as is available to the child, and for other purposes. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES March 20, 2026 Mr. Husted (for himself, Mrs. Britt, and Mr. Warner) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation _______________________________________________________________________ A BILL To require large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces, through which a child or a parent may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on the large social media platform in the same manner as is available to the child, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as ``Sammy's Law''. SEC. 2. DEFINITIONS. In this Act: (1) Child.--The term ``child'' means any individual who-- (A) has not attained 17 years of age; and (B) has registered an account with a large social media platform. (2) Commerce.--The term ``commerce'' has the meaning given such term in section 4 of the Federal Trade Commission Act (15 U.S.C. 44). (3) Commission.--The term ``Commission'' means the Federal Trade Commission. (4) Covered nation.--The term ``covered nation'' has the meaning given such term in section 4872(f) of title 10, United States Code. (5) Large social media platform.--The term ``large social media platform''-- (A) means a service-- (i) provided through an internet website or a mobile application; (ii) the terms of service of which do not prohibit the use of the service by a child; (iii) with any feature that enables a child to share images, text, or video through the internet with other users of the service whom such child has met, identified, or become aware of solely through the use of the service; and (iv) that has more than 100,000,000 monthly global active users or generates more than $1,000,000,000 in gross revenue per year, adjusted yearly for inflation; and (B) does not include-- (i) a service that primarily serves-- (I) to facilitate-- (aa) the sale or provision of a professional service; or (bb) the sale of a commercial product; or (II) to provide news or information in a manner in which a user of the service may not send any content directly to a child through such service; or (ii) a service that-- (I) has a feature that enables a user who communicates directly with a child through a message (including images, text, audio, or video messages) to add to such message other users that such child may have met, identified, or become aware of solely through the use of the service; and (II) does not have any feature described in subparagraph (A)(iii). (6) Large social media platform provider.--The term ``large social media platform provider'' means any person who, for commercial purposes in or affecting commerce, provides, manages, operates, owns, or controls a large social media platform. (7) Parent.--The term ``parent'' means, with respect to a child, the parent or legal guardian of such child. (8) Sale.--The term ``sale'', with respect to user data-- (A) means the exchange of user data for monetary consideration; and (B) does not include the disclosure of user data by a third-party safety software provider to a processor or service provider that processes user data on behalf of the third-party safety software provider. (9) State.--The term ``State'' means each of the 50 States, the District of Columbia, each commonwealth, territory, or possession of the United States, and each federally recognized Indian Tribe. (10) Third-party safety software provider.--The term ``third-party safety software provider'' means any person who, for commercial purposes in or affecting commerce-- (A) is authorized to interact with a relevant large social media platform to manage the online interactions, content, or account settings of a child for the sole purpose of protecting the child from harm, including physical or emotional harm; and (B) has received such authorization from the child, or in the case of a child who has not attained 13 years of age, the parent of such child. (11) User data.--The term ``user data'' means any information reasonably necessary for a user to have a profile or submit content on a large social media platform (including any image, text, audio, or video) that is created by or sent to a child through the account of the child on such platform, but only-- (A) if the information or content is created by or sent to the child while a delegation under section 3(a)(1)(A) is in effect with respect to the account; and (B) during a 30-day period beginning on the date on which the information or content is created by or sent to such child. SEC. 3. PROVIDING ACCESS TO THIRD-PARTY SAFETY SOFTWARE PROVIDERS. (a) Obligations of Large Social Media Platform Providers.-- (1) Availability of application programming interfaces.-- (A) In general.--Not later than the date described in subparagraph (B), a large social media platform provider shall create, maintain, and make available to a third-party safety software provider registered with the Commission under subsection (b)(3) a set of third- party-accessible real-time application programming interfaces, including any information necessary to use such interfaces, by which a child (or, in the case of a child who has not attained 13 years of age, a parent of the child) may delegate permission to the third-party safety software provider to-- (i) manage any online interaction with or content created by or sent to the child, as well as the account settings of the child on the large social media platform in the same manner as is available to the child; and (ii) initiate a secure transfer of user data from the large social media platform in a commonly used and machine-readable format to the third-party safety software provider, where the frequency of such transfers may not be limited by the large social media platform provider to less than once per hour. (B) Date described.--For purposes of subparagraph (A), the date described in this subparagraph is-- (i) in the case of a service that is a large social media platform on the date of enactment of this Act, 180 days after such date; or (ii) in the case of a service that becomes a large social media platform after such date of enactment, not later than 30 days after the date on which such service becomes a large social media platform. (2) Revocation.--Once a child or parent makes a delegation under paragraph (1)(A), the large social media platform provider shall make the application programming interfaces and information described in such paragraph available to the relevant third-party safety software provider on an ongoing basis until-- (A) the child or a parent, as applicable, revokes the delegation; (B) the child or a parent, as applicable, revokes or disables the registration of the account of such child with the large social media platform; (C) the third-party safety software provider-- (i) rejects the delegation; (ii) receives notice that-- (I) the parent of such child who made the delegation no longer has legal parental rights over such child; or (II) a temporary arrangement has been put in place by a court or legal authority regarding the custody of such child; or (iii) is deregistered by the Commission; or (D) the child attains the age of 17 years old. (3) Data security.-- (A) In general.--A large social media platform provider shall establish, implement, and maintain reasonable policies, practices, and procedures to protect-- (i) the confidentiality, integrity, and accessibility of user data transferred from the large social media platform provider to a third-party safety software provider pursuant to a delegation under paragraph (1)(A); and (ii) any such user data against unauthorized access. (B) Scope.--The policies, practices, and procedures required by subparagraph (A) shall be-- (i) consistent with state-of-the-art administrative, technical, and physical safeguards for protecting transferred user data; and (ii) appropriate to the nature, scope, and volume of such user data. (4) Disclosure.--In the case of a delegation made by a child or a parent, as applicable, under paragraph (1)(A), with respect to the account of such child with a large social media platform, the large social media platform provider shall-- (A) disclose to such child or parent, as applicable, such delegation; (B) provide to such child or parent, as applicable, a summary of any user data transferred to a third-party safety software provider; and (C) update such summary as necessary to reflect any change to such user data. (5) Limitation.--Any management by a third-party safety software provider pursuant to paragraph (1)(A)(i) shall be limited to such management that protects a child from harm, including any such management related to the optimization of any privacy setting on an account of the child, stated user age, and marketing settings for the account. (6) User control.-- (A) In general.--If a large social media platform uses a messaging feature or service that provides security features that give a user control over access to the content of any communication of the user in a manner that renders the access of the large social media platform to such content technically infeasible without overriding such control, then the following shall apply: (i) The large social media platform may not be required to grant a third-party safety software provider access to such content through a set of third-party-accessible real- time application programming interfaces under paragraph (1)(A). (ii) The large social media platform, upon a delegation under paragraph (1)(A), shall-- (I) make available and maintain a technical interface that enables contemporaneous transmission of such communication to a third-party safety software provider-- (aa) registered under subsection (b)(3); and (bb) selected by the child or parent, as applicable, as a user-designated recipient; (II) maintain such security features without altering, bypassing, or overriding such features; (III) permit the communicating users (and any user-designated recipient) to access the content through such interface; and (IV) not gain access to the content of such communication. (B) Rule of construction.--Nothing in this paragraph may be construed to limit the obligations of a large social media platform under this Act with respect to user data other than the content of communications described in this paragraph. (b) Third-Party Safety Software Providers.-- (1) Protection of user data.--A third-party safety software provider shall-- (A) limit any collection, maintenance, and processing of user data the third-party safety software provider obtains pursuant to this Act to what is adequate, relevant, and reasonably necessary for the purposes for which the user data is collected, maintained, or processed, or disclosed to a parent under subsection (d)(1)(C); (B) establish, implement, and maintain reasonable policies, practices, and procedures (that are consistent with state-of-the-art administrative, technical, and physical safeguards related to protecting transferred user data and appropriate to the nature, scope, and volume of such user data) to protect-- (i) the confidentiality, integrity, and accessibility of the user data received from a large social media platform pursuant to this Act; and (ii) the user data received from a large social media platform pursuant to this Act against unauthorized access; and (C) upon any revocation described in subsection (a)(2), delete the user data of the child within 5 days. (2) Prohibition on sale.--A third-party safety software provider may not sell any user data collected, maintained, or processed pursuant to this Act. (3) Registration with the commission.--A third-party safety software provider shall register with the Commission as a condition of accessing an application programming interface and any information under subsection (a). In order to complete such registration, the third-party safety software provider shall demonstrate the following to the satisfaction of the Commission: (A) The third-party safety software provider is not operated, directly or indirectly (including through a parent company, subsidiary, or affiliate), by a company operated or controlled by a covered nation. (B) Such software provider will collect, process, maintain, or otherwise use any user data obtained under subsection (a) for the sole purpose of protecting a child from harm in accordance with any applicable terms of service and the provisions of this Act. (C) Such software provider will only disclose user data obtained under subsection (a) as permitted by subsection (d). (D) Such software provider will not sell, disclose, process, store, transfer, or otherwise make available user data obtained under this Act to a government of a covered nation or to a company operated or controlled by a covered nation. (E)(i) Such software provider will delete any user data obtained under this Act as soon as possible-- (I) but not later than 5 days after receiving such data from a large social media platform; and (II) not including any data the software provider discloses under subsection (d). (ii) For any data disclosed under subsection (d)(1)(C), such software provider will maintain such data until-- (I) the child or parent who made a delegation under subsection (a)(1)(A), and whose data is at issue, requests that the third-party safety software provider delete such data; (II) the child attains 17 years of age; or (III) the third-party safety software provider is deregistered by the Commission. (iii) In the event that the child or parent who made a delegation under subsection (a)(1)(A) revokes the delegation, such software provider will delete all applicable user data not later than 15 days after the date of such revocation. (F) Such software provider will disclose, in an easy-to-understand, human-readable format, to each child with respect to whose account with a large social media platform the service of the third-party safety software provider is operating and (if a parent made the delegation under subsection (a)(1)(A) with respect to the account) to the parent, sufficient information detailing the operation of the service and what information the software provider is collecting to enable such child or parent, as applicable, to make informed decisions regarding the use of the service. (G) Such software provider will disclose, in an easy-to-understand format to each child or parent who made a delegation under subsection (a)(1)(A) notice of any material changes in how the third-party safety software provider provides services. (H) Such software provider is able to provide services in accordance with any applicable terms of service and any relevant disclosures made to any consumer, including by ensuring such terms and disclosures are clear and conspicuous and are written in plain and easy-to-understand English. (I) Such software provider has established, implemented, and maintained reasonable policies, practices, and procedures to protect the confidentiality, integrity, and accessibility of any user data collected or processed pursuant to this Act and that the policies, practices, and procedures are appropriate to ensure a level of security appropriate to the risk to such user data, the cost of implementing such policies, practices, and procedures, and the nature, scope, and volume of such user data. (J) Such software provider assesses compliance with applicable Federal law, including the requirements of this Act. (K) Such software provider is in compliance with the requirements of this Act. (4) Annual audit.-- (A) Audit process; audit report.--For each year or partial year during which a third-party safety software provider is registered with the Commission under paragraph (3), the third-party safety software provider shall retain the services of a qualified independent auditing firm to complete an annual audit and write an audit report (which shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code) that includes-- (i) a review and assessment of such registration and any subsequent written reports, including whether the third-party safety software provider has remained in compliance with the conditions described in paragraph (3); and (ii) an identification of whether the third-party safety software provider has made any material changes in how the third-party safety software provider provides services, and in the event of any such material changes-- (I) an explanation as to how such changes have impacted users; and (II) any information relating to whether such users were notified of the material change at the time the material change was implemented. (B) Submission to the commission.--Not later than 30 days after the date on which an audit report is written under subparagraph (A), a third-party safety software provider shall submit to the Commission-- (i) a full copy of such audit report; and (ii) a summary of such audit report that may contain redactions to protect the confidential business information and trade secrets of the third-party safety software provider. (C) Audit review by the commission.--The Commission shall-- (i) review each audit report submitted by a third-party safety software provider under subparagraph (B)(i) to verify compliance with the requirements of this Act; (ii) make a copy of the summary of such audit report submitted under subparagraph (B)(ii) available to the public; and (iii) in the event an audit required under subparagraph (A) detects an unusual finding, and prior to any adverse action taken by the Commission under paragraph (5), direct a third- party safety software provider to promptly investigate and resolve the matter. (5) Additional oversight of third-party safety software providers.--In addition to the jurisdiction, powers, and duties of the Commission otherwise provided under this Act and any other provision of law, the Commission may take an adverse action against a third-party safety software provider, including by-- (A) denying registration of the third-party safety software provider under paragraph (3); (B) permanently deregistering the third-party safety software provider; and (C) suspending the registration of the third-party safety software provider due to a finding by the Commission of a material risk to the security of the data or safety of the public, including for-- (i) willful misconduct or gross negligence by the third-party safety software provider; (ii) a material misrepresentation made by a third-party safety software provider to the Commission or to any consumer; (iii) failure by the third-party safety software provider to comply with any requirements of this Act or failure to operate in accordance with the affirmations, assertions, representations, or terms of any security review, audit, terms of services, or consumer disclosures; or (iv) failure by the third-party safety software provider to respond to an unusual finding in an annual audit completed under paragraph (4). (6) Rights of third-party safety software providers.-- (A) In general.--In the event the Commission takes an adverse action against a third-party safety software provider under paragraph (5), the Commission shall give the third-party safety software provider the opportunity to-- (i) appeal such adverse action; and (ii) remediate any deficiency described in an annual audit completed under paragraph (4) within 45 days (if the third-party safety software provider demonstrates the third-party safety software provider has remediated any such deficiency and has taken satisfactory action to ensure such deficiency shall not reoccur), except in the case of a finding of-- (I) willful misconduct; (II) gross negligence; or (III) a demonstrated history of multiple failures in relation to the types of material risk described in paragraph (5)(C). (B) Exception.--The rights described in subparagraph (A) shall not prevent the Commission from suspending the registration of a third-party safety software provider to protect the public from ongoing material risk for the period during which the third- party safety software provider is in the process of exercising such rights. (c) Indemnification.--In any civil action in Federal or State court (other than an action brought by the Commission), a large social media platform provider may not be held liable for damages arising from transferring user data to a third-party safety software provider under subsection (a) if the large social media platform provider has complied with the requirements of this Act in good faith. (d) User Data Disclosure.-- (1) Permitted disclosures.--A third-party safety software provider may not disclose any user data obtained under subsection (a) to any other person, except-- (A) pursuant to a lawful request from a government body, including for law enforcement purposes or for judicial or administrative proceedings, by means of a court order or a court-ordered warrant, a subpoena or summons issued by a judicial officer, or a grand jury subpoena; (B) to the extent that such disclosure is required by law and such disclosure complies with and is limited to the relevant requirements of such law; (C) to a child who made a delegation under subsection (a)(1)(A) and whose data is at issue, the parent of such child, or to a parent who made such a delegation and whose child's data is at issue, with such third-party safety software provider making a good faith effort to ensure that such disclosure includes only the user data necessary for a reasonable parent to understand that such child is experiencing (or is at foreseeable risk to experience)-- (i) suicide; (ii) anxiety; (iii) depression; (iv) an eating disorder; (v) violence, including being the victim of or planning to commit or facilitate assault; (vi) substance abuse; (vii) fraud; (viii) severe forms of trafficking in persons (as defined in section 103 of the Trafficking Victims Protection Act of 2000 (22 U.S.C. 7102)); (ix) sexual abuse; (x) physical injury; (xi) harassment; (xii) sexually explicit conduct or child pornography (as such terms are defined in section 2256 of title 18, United States Code); (xiii) terrorism (as defined in section 140(d) of the Foreign Relations Authorization Act, Fiscal Years 1988 and 1989 (22 U.S.C. 2656f(d))), including communications with or in support of a foreign terrorist organization (as designated by the Secretary of State under section 219(a) of the Immigration and Nationality Act (8 U.S.C. 1189(a))); or (xiv) the sharing of personal information, limited to-- (I) home address; (II) phone number; (III) social security number; and (IV) personal banking information; (D) in the case of a good faith determination that disclosure is necessary to prevent or lessen a reasonably foreseeable serious and imminent threat to the health or safety of any individual, if the disclosure is made to a person reasonably able to prevent or lessen the threat; or (E) to a public health authority or other appropriate government authority authorized by law to receive reports of child abuse or neglect. (2) Disclosure reporting.--A third-party safety software provider that makes a disclosure permitted by subparagraphs (A), (B), (D), or (E) of paragraph (1) shall promptly inform the child or parent who made a delegation under subsection (a)(1)(A) that such a disclosure has been or will be made, except if the third-party safety software provider-- (A) in the exercise of professional judgment, determines informing such child or parent would place such child at risk of serious harm; or (B) is prohibited by law (including through a valid order by a court or administrative body) from informing such child or parent. (3) Child exploitation.--Nothing in this Act shall be construed to relieve a third-party safety software provider or a large social media platform from their duty to report pursuant to section 2258A of title 18, United States Code. SEC. 4. IMPLEMENTATION AND ENFORCEMENT. (a) Enforcement.-- (1) Unfair or deceptive acts or practices.--A violation of this Act shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)). (2) Powers of the commission.-- (A) In general.--The Commission shall enforce this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act. (B) Privileges and immunities.--Any person who violates this Act shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act (15 U.S.C. 41 et seq.). (3) Preservation of authority.--Nothing in this Act may be construed to limit the authority of the Commission under any other provision of law. (b) Compliance Assessment.--The Commission, on a biannual basis, shall assess compliance by large social media platform providers with the provisions of this Act. (c) Complaints.--Not later than 180 days after the date of enactment of this Act, the Commission shall establish procedures under which a child (or the parent of such child), a large social media platform provider, or a third-party safety software provider may file a complaint alleging that a large social media platform provider or a third-party safety software provider has violated this Act. SEC. 5. ONE NATIONAL STANDARD. (a) In General.--No State or political subdivision of a State may maintain, enforce, prescribe, or continue in effect any law, rule, regulation, requirement, standard, or other provision having the force and effect of law of the State, or political subdivision of a State, related to requiring large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces for the purposes of child online safety, through which a child or a parent of a child may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on a large social media platform in the same manner as is available to the child. (b) Rule of Construction.--This section may not be construed to-- (1) limit the enforcement of any consumer protection law of general applicability of a State or political subdivision of a State; (2) preempt the applicability of State trespass, contract, or tort law; or (3) preempt the applicability of any State law to the extent that the law relates to acts of fraud, unauthorized access to personal information, or notification of unauthorized access to personal information. \n--- KONIEC DOKUMENTU ---\n\nPAMIĘTAJ: Twoja odpowiedź MUSI być wyłącznie poprawnym obiektem JSON. Nie dodawaj żadnych dodatkowych znaków, komentarzy ani tekstu przed znacznikiem '{' ani po znaczniku '}'. Cała odpowiedź musi być parsowalna jako JSON.\nNa podstawie POWYŻSZEGO dokumentu, wypełnij poniższą strukturę JSON:\nOto struktura JSON, której oczekuję (wypełnij ją treścią):\n{\n \"pl_ai_title\": \"Nowy, krótki tytuł dla aktu prawnego po polsku, oddający sedno wprowadzanych zmian (np. maksymalnie 10-12 słów).\",\n \"pl_summary\": \"2-3 zdania zwięzłego podsumowania treści aktu prawnego po polsku, napisane z perspektywy wpływu na życie codzienne obywateli.\",\n \"pl_key_points\": [\n \"Pierwszy krótki punkt po polsku dotyczący najważniejszych wprowadzanych rozwiązań lub zmian.\",\n \"Drugi krótki punkt po polsku...\"\n ],\n \"eng_ai_title\": \"A new, short title for the legal act in English, capturing the essence of the changes (e.g., max 10-12 words).\",\n \"eng_summary\": \"2-3 sentences summarizing the legal act in English, from the perspective of its impact on citizens' daily lives.\",\n \"eng_key_points\": [\n \"First short bullet point in English regarding the most important solutions or changes being introduced.\",\n \"Second short bullet point in English...\"\n ],\n \"de_ai_title\": \"Ein neuer, kurzer Titel für das Rechtsdokument auf Deutsch, der den Kern der Änderungen erfasst (z.B. max. 10-12 Wörter).\",\n \"de_summary\": \"2-3 Sätze Zusammenfassung des Rechtsdokuments auf Deutsch, aus der Perspektive seiner Auswirkungen auf das tägliche Leben der Bürger.\",\n \"de_key_points\": [\n \"Erster kurzer Stichpunkt auf Deutsch zu den wichtigsten eingeführten Lösungen oder Änderungen.\",\n \"Zweiter kurzer Stichpunkt auf Deutsch...\"\n ],\n \"fr_ai_title\": \"Un nouveau titre court pour l'acte juridique en français, saisissant l'essence des changements (par exemple, 10-12 mots maximum).\",\n \"fr_summary\": \"Résumé de 2-3 phrases de l'acte juridique en français, du point de vue de son impact sur la vie quotidienne des citoyens.\",\n \"fr_key_points\": [\n \"Premier court point en français concernant les solutions ou changements les plus importants introduits.\",\n \"Deuxième court point en français...\"\n ],\n \"es_ai_title\": \"Un nuevo título breve para el acto jurídico en español, que recoja la esencia de los cambios (por ejemplo, máximo 10-12 palabras).\",\n \"es_summary\": \"Resumen de 2-3 frases del acto jurídico en español, desde la perspectiva de su impacto en la vida cotidiana de los ciudadanos.\",\n \"es_key_points\": [\n \"Primer punto breve en español sobre las soluciones o cambios más importantes que se introducen.\",\n \"Segundo punto breve en español...\"\n ],\n \"it_ai_title\": \"Un nuovo titolo breve per l'atto giuridico in italiano, che colga l'essenza delle modifiche (ad es. massimo 10-12 parole).\",\n \"it_summary\": \"Riepilogo di 2-3 frasi dell'atto giuridico in italiano, dal punto di vista del suo impatto sulla vita quotidiana dei cittadini.\",\n \"it_key_points\": [\n \"Primo breve punto in italiano riguardante le soluzioni o le modifiche più importanti introdotte.\",\n \"Secondo breve punto in italiano...\"\n ],\n \"nl_ai_title\": \"Een nieuwe, korte titel voor de rechtshandeling in het Nederlands, die de essentie van de wijzigingen weergeeft (bijv. max. 10-12 woorden).\",\n \"nl_summary\": \"Samenvatting van 2-3 zinnen van de rechtshandeling in het Nederlands, vanuit het perspectief van de impact op het dagelijks leven van burgers.\",\n \"nl_key_points\": [\n \"Eerste korte punt in het Nederlands betreffende de belangrijkste geïntroduceerde oplossingen of wijzigingen.\",\n \"Tweede korte punt in het Nederlands...\"\n ],\n \"pt_ai_title\": \"Um novo título curto para o ato jurídico em português, capturando a essência das mudanças (por exemplo, máx. 10-12 palavras).\",\n \"pt_summary\": \"Resumo de 2-3 frases do ato jurídico em português, na perspetiva do seu impacto na vida quotidiana dos cidadãos.\",\n \"pt_key_points\": [\n \"Primeiro ponto curto em português sobre as soluções ou alterações mais importantes introduzidas.\",\n \"Segundo ponto curto em português...\"\n ],\n \"category\": [\"Categorize the document into one category by default, based on the field it primarily concerns. Choose up to 3 if the document also touches upon SIGNIFICANT issues from other categories. You MUST select categories ONLY from the following list: Health, Education, Family, Taxes, Labor, Security, Environment, Courts and Law, Transport, Benefits, Real Estate, Media and Culture, Local Government, Migration, Agriculture, Public Investments, Informatization, Economy. If the document does not definitively fit any of these, you MUST use \"Other\". If you use \"Other\", it should be the ONLY category selected. Do NOT invent new categories. The response must be an array of strings, e.g., [\"Taxes\", \"Family\"].\"]\n}\n\n", "ai_response_raw": "{\n \"pl_ai_title\": \"Prawo Sammy’ego: Większa kontrola rodzicielska i ochrona dzieci w mediach społecznościowych\",\n \"pl_summary\": \"Ustawa nakłada na duże platformy społecznościowe obowiązek udostępnienia narzędzi zewnętrznym firmom zajmującym się bezpieczeństwem. Dzięki temu rodzice i młodzież będą mogli korzystać z aplikacji monitorujących zagrożenia i zarządzających ustawieniami prywatności w czasie rzeczywistym.\",\n \"pl_key_points\": [\n \"Duże serwisy (ponad 100 mln użytkowników) muszą udostępnić interfejsy techniczne (API) dla programów ochronnych.\",\n \"Rodzice dzieci poniżej 13 lat oraz młodzież do 17 roku życia mogą przekazać zarządzanie kontem wybranej aplikacji bezpieczeństwa.\",\n \"Zewnętrzne firmy nie mogą sprzedawać danych użytkowników i muszą być zarejestrowane w Federalnej Komisji Handlu (FTC).\",\n \"Oprogramowanie ma chronić przed takimi zagrożeniami jak nękanie, depresja, przemoc, narkotyki czy wykorzystywanie seksualne.\"\n ],\n \"eng_ai_title\": \"Sammy’s Law: Empowering Parents and Kids with Social Media Safety Tools\",\n \"eng_summary\": \"This bill requires large social media platforms to allow third-party safety apps to help protect children online. Parents and minors can use these tools to monitor content, manage interactions, and adjust privacy settings to prevent harm.\",\n \"eng_key_points\": [\n \"Platforms with over 100 million users must provide technical access (APIs) to approved safety software.\",\n \"Minors under 17 and parents of children under 13 can delegate account management to safety apps.\",\n \"Safety software providers are strictly prohibited from selling user data and must register with the FTC.\",\n \"The goal is to identify and prevent risks like cyberbullying, self-harm, substance abuse, and online exploitation.\"\n ],\n \"de_ai_title\": \"Sammys Gesetz: Mehr Sicherheit für Kinder durch externe Schutzsoftware auf Social Media\",\n \"de_summary\": \"Große soziale Netzwerke müssen Schnittstellen für Sicherheitssoftware von Drittanbietern bereitstellen. Dies ermöglicht es Eltern und Jugendlichen, ihre Online-Interaktionen besser zu überwachen und sich vor Gefahren im Internet zu schützen.\",\n \"de_key_points\": [\n \"Plattformen mit über 100 Millionen Nutzern müssen technischen Zugriff (APIs) für Sicherheits-Apps ermöglichen.\",\n \"Jugendliche bis 17 Jahre und Eltern von Kindern unter 13 können die Kontoverwaltung an Schutzprogramme delegieren.\",\n \"Drittanbieter von Sicherheitssoftware dürfen Nutzerdaten nicht verkaufen und müssen sich bei der FTC registrieren.\",\n \"Die Software soll vor Risiken wie Mobbing, Depressionen, Gewalt, Drogenmissbrauch und sexuellem Missbrauch schützen.\"\n ],\n \"fr_ai_title\": \"Loi Sammy : Renforcer la sécurité des mineurs sur les réseaux sociaux via des logiciels tiers\",\n \"fr_summary\": \"Cette loi oblige les grandes plateformes de réseaux sociaux à ouvrir leurs systèmes à des logiciels de sécurité tiers. Les parents et les mineurs pourront ainsi utiliser des outils externes pour surveiller les contenus et prévenir les risques en ligne.\",\n \"fr_key_points\": [\n \"Les plateformes de plus de 100 millions d'utilisateurs doivent fournir des accès techniques (API) aux logiciels de protection.\",\n \"Les mineurs de moins de 17 ans et les parents d'enfants de moins de 13 ans peuvent déléguer la gestion du compte à une application de sécurité.\",\n \"Il est interdit aux fournisseurs de logiciels de sécurité de vendre les données des utilisateurs et ils doivent s'enregistrer auprès de la FTC.\",\n \"Les outils visent à protéger contre le harcèlement, la violence, l'exploitation sexuelle et les troubles mentaux.\"\n ],\n \"es_ai_title\": \"Ley de Sammy: Nuevas herramientas de seguridad para proteger a menores en redes sociales\",\n \"es_summary\": \"Esta ley exige que las grandes redes sociales permitan el uso de software de seguridad de terceros para proteger a los menores. Los padres y jóvenes podrán delegar la gestión de sus cuentas a estas aplicaciones para evitar riesgos digitales.\",\n \"es_key_points\": [\n \"Plataformas con más de 100 millones de usuarios deben facilitar el acceso técnico (API) a aplicaciones de seguridad externas.\",\n \"Menores de 17 años y padres de niños menores de 13 pueden autorizar a software externo para gestionar interacciones y privacidad.\",\n \"Las empresas de software de seguridad tienen prohibido vender datos de usuarios y deben registrarse ante la FTC.\",\n \"El objetivo es prevenir el acoso, la violencia, la explotación, el abuso de sustancias y problemas de salud mental.\"\n ],\n \"it_ai_title\": \"Legge di Sammy: Più strumenti di sicurezza per i minori sui social media\",\n \"it_summary\": \"La legge impone alle grandi piattaforme social di consentire l'integrazione di software di sicurezza esterni. Genitori e minori potranno usare queste app per monitorare i contenuti e proteggersi dai pericoli del web.\",\n \"it_key_points\": [\n \"I social network con oltre 100 milioni di utenti devono fornire interfacce tecniche (API) a software di protezione certificati.\",\n \"I minori fino a 17 anni e i genitori di bambini sotto i 13 anni possono affidare la gestione del profilo ad app di sicurezza.\",\n \"I fornitori di software non possono vendere i dati degli utenti e devono essere registrati presso la FTC.\",\n \"Il sistema serve a contrastare bullismo, violenza, abusi, tossicodipendenza e rischi per la salute mentale.\"\n ],\n \"nl_ai_title\": \"Sammy’s Wet: Betere online bescherming voor kinderen via externe veiligheidssoftware\",\n \"nl_summary\": \"Grote sociale mediaplatforms worden verplicht om toegang te verlenen aan externe veiligheidsapps. Hierdoor kunnen ouders en jongeren tools gebruiken om online interacties te beheren en gevaren tijdig te signaleren.\",\n \"nl_key_points\": [\n \"Platforms met meer dan 100 miljoen gebruikers moeten technische koppelingen (API's) bieden voor beschermende software.\",\n \"Jongeren tot 17 jaar en ouders van kinderen onder de 13 kunnen het beheer van hun account delegeren aan een veiligheidsapp.\",\n \"Aanbieders van deze software mogen geen gebruikersgegevens verkopen en moeten zich registreren bij de FTC.\",\n \"De focus ligt op het voorkomen van pesten, geweld, misbruik, drugsmisbruik en mentale gezondheidsproblemen.\"\n ],\n \"pt_ai_title\": \"Lei de Sammy: Reforço da segurança de menores nas redes sociais com ferramentas externas\",\n \"pt_summary\": \"Esta lei obriga as grandes redes sociais a permitir que softwares de segurança de terceiros ajudem na proteção de menores. Pais e jovens poderão utilizar estas ferramentas para monitorizar conteúdos e prevenir riscos online.\",\n \"pt_key_points\": [\n \"Plataformas com mais de 100 milhões de utilizadores devem fornecer acesso técnico (APIs) a aplicações de proteção.\",\n \"Menores de 17 anos e pais de crianças com menos de 13 anos podem delegar a gestão da conta a um software de segurança.\",\n \"As empresas de software de segurança estão proibidas de vender dados de utilizadores e devem registar-se na FTC.\",\n \"As ferramentas visam proteger contra o bullying, violência, exploração sexual, abuso de substâncias e problemas de saúde mental.\"\n ],\n \"category\": [\"Media and Culture\", \"Security\", \"Family\"]\n}" }, { "timestamp": "2026-03-27T12:29:24.896Z", "source_url": "https://www.congress.gov/119/bills/s4159/BILLS-119s4159is.htm", "model": "gemini-flash-lite-latest", "prompt_sent": "\nROLE: Fact Checker.\nZADANIE: Porównaj SOURCE (oryginał) i SUMMARY (streszczenie przygotowane przez inne AI).\n\nTwoim celem jest wykrycie \"ZMYŚLONYCH KONKRETÓW\" (Fabricated Entities) w SUMMARY.\n\nSOURCE:\n[Congressional Bills 119th Congress] [From the U.S. Government Publishing Office] [S. 4159 Introduced in Senate (IS)] 119th CONGRESS 2d Session S. 4159 To require large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces, through which a child or a parent may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on the large social media platform in the same manner as is available to the child, and for other purposes. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES March 20, 2026 Mr. Husted (for himself, Mrs. Britt, and Mr. Warner) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation _______________________________________________________________________ A BILL To require large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces, through which a child or a parent may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on the large social media platform in the same manner as is available to the child, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as ``Sammy's Law''. SEC. 2. DEFINITIONS. In this Act: (1) Child.--The term ``child'' means any individual who-- (A) has not attained 17 years of age; and (B) has registered an account with a large social media platform. (2) Commerce.--The term ``commerce'' has the meaning given such term in section 4 of the Federal Trade Commission Act (15 U.S.C. 44). (3) Commission.--The term ``Commission'' means the Federal Trade Commission. (4) Covered nation.--The term ``covered nation'' has the meaning given such term in section 4872(f) of title 10, United States Code. (5) Large social media platform.--The term ``large social media platform''-- (A) means a service-- (i) provided through an internet website or a mobile application; (ii) the terms of service of which do not prohibit the use of the service by a child; (iii) with any feature that enables a child to share images, text, or video through the internet with other users of the service whom such child has met, identified, or become aware of solely through the use of the service; and (iv) that has more than 100,000,000 monthly global active users or generates more than $1,000,000,000 in gross revenue per year, adjusted yearly for inflation; and (B) does not include-- (i) a service that primarily serves-- (I) to facilitate-- (aa) the sale or provision of a professional service; or (bb) the sale of a commercial product; or (II) to provide news or information in a manner in which a user of the service may not send any content directly to a child through such service; or (ii) a service that-- (I) has a feature that enables a user who communicates directly with a child through a message (including images, text, audio, or video messages) to add to such message other users that such child may have met, identified, or become aware of solely through the use of the service; and (II) does not have any feature described in subparagraph (A)(iii). (6) Large social media platform provider.--The term ``large social media platform provider'' means any person who, for commercial purposes in or affecting commerce, provides, manages, operates, owns, or controls a large social media platform. (7) Parent.--The term ``parent'' means, with respect to a child, the parent or legal guardian of such child. (8) Sale.--The term ``sale'', with respect to user data-- (A) means the exchange of user data for monetary consideration; and (B) does not include the disclosure of user data by a third-party safety software provider to a processor or service provider that processes user data on behalf of the third-party safety software provider. (9) State.--The term ``State'' means each of the 50 States, the District of Columbia, each commonwealth, territory, or possession of the United States, and each federally recognized Indian Tribe. (10) Third-party safety software provider.--The term ``third-party safety software provider'' means any person who, for commercial purposes in or affecting commerce-- (A) is authorized to interact with a relevant large social media platform to manage the online interactions, content, or account settings of a child for the sole purpose of protecting the child from harm, including physical or emotional harm; and (B) has received such authorization from the child, or in the case of a child who has not attained 13 years of age, the parent of such child. (11) User data.--The term ``user data'' means any information reasonably necessary for a user to have a profile or submit content on a large social media platform (including any image, text, audio, or video) that is created by or sent to a child through the account of the child on such platform, but only-- (A) if the information or content is created by or sent to the child while a delegation under section 3(a)(1)(A) is in effect with respect to the account; and (B) during a 30-day period beginning on the date on which the information or content is created by or sent to such child. SEC. 3. PROVIDING ACCESS TO THIRD-PARTY SAFETY SOFTWARE PROVIDERS. (a) Obligations of Large Social Media Platform Providers.-- (1) Availability of application programming interfaces.-- (A) In general.--Not later than the date described in subparagraph (B), a large social media platform provider shall create, maintain, and make available to a third-party safety software provider registered with the Commission under subsection (b)(3) a set of third- party-accessible real-time application programming interfaces, including any information necessary to use such interfaces, by which a child (or, in the case of a child who has not attained 13 years of age, a parent of the child) may delegate permission to the third-party safety software provider to-- (i) manage any online interaction with or content created by or sent to the child, as well as the account settings of the child on the large social media platform in the same manner as is available to the child; and (ii) initiate a secure transfer of user data from the large social media platform in a commonly used and machine-readable format to the third-party safety software provider, where the frequency of such transfers may not be limited by the large social media platform provider to less than once per hour. (B) Date described.--For purposes of subparagraph (A), the date described in this subparagraph is-- (i) in the case of a service that is a large social media platform on the date of enactment of this Act, 180 days after such date; or (ii) in the case of a service that becomes a large social media platform after such date of enactment, not later than 30 days after the date on which such service becomes a large social media platform. (2) Revocation.--Once a child or parent makes a delegation under paragraph (1)(A), the large social media platform provider shall make the application programming interfaces and information described in such paragraph available to the relevant third-party safety software provider on an ongoing basis until-- (A) the child or a parent, as applicable, revokes the delegation; (B) the child or a parent, as applicable, revokes or disables the registration of the account of such child with the large social media platform; (C) the third-party safety software provider-- (i) rejects the delegation; (ii) receives notice that-- (I) the parent of such child who made the delegation no longer has legal parental rights over such child; or (II) a temporary arrangement has been put in place by a court or legal authority regarding the custody of such child; or (iii) is deregistered by the Commission; or (D) the child attains the age of 17 years old. (3) Data security.-- (A) In general.--A large social media platform provider shall establish, implement, and maintain reasonable policies, practices, and procedures to protect-- (i) the confidentiality, integrity, and accessibility of user data transferred from the large social media platform provider to a third-party safety software provider pursuant to a delegation under paragraph (1)(A); and (ii) any such user data against unauthorized access. (B) Scope.--The policies, practices, and procedures required by subparagraph (A) shall be-- (i) consistent with state-of-the-art administrative, technical, and physical safeguards for protecting transferred user data; and (ii) appropriate to the nature, scope, and volume of such user data. (4) Disclosure.--In the case of a delegation made by a child or a parent, as applicable, under paragraph (1)(A), with respect to the account of such child with a large social media platform, the large social media platform provider shall-- (A) disclose to such child or parent, as applicable, such delegation; (B) provide to such child or parent, as applicable, a summary of any user data transferred to a third-party safety software provider; and (C) update such summary as necessary to reflect any change to such user data. (5) Limitation.--Any management by a third-party safety software provider pursuant to paragraph (1)(A)(i) shall be limited to such management that protects a child from harm, including any such management related to the optimization of any privacy setting on an account of the child, stated user age, and marketing settings for the account. (6) User control.-- (A) In general.--If a large social media platform uses a messaging feature or service that provides security features that give a user control over access to the content of any communication of the user in a manner that renders the access of the large social media platform to such content technically infeasible without overriding such control, then the following shall apply: (i) The large social media platform may not be required to grant a third-party safety software provider access to such content through a set of third-party-accessible real- time application programming interfaces under paragraph (1)(A). (ii) The large social media platform, upon a delegation under paragraph (1)(A), shall-- (I) make available and maintain a technical interface that enables contemporaneous transmission of such communication to a third-party safety software provider-- (aa) registered under subsection (b)(3); and (bb) selected by the child or parent, as applicable, as a user-designated recipient; (II) maintain such security features without altering, bypassing, or overriding such features; (III) permit the communicating users (and any user-designated recipient) to access the content through such interface; and (IV) not gain access to the content of such communication. (B) Rule of construction.--Nothing in this paragraph may be construed to limit the obligations of a large social media platform under this Act with respect to user data other than the content of communications described in this paragraph. (b) Third-Party Safety Software Providers.-- (1) Protection of user data.--A third-party safety software provider shall-- (A) limit any collection, maintenance, and processing of user data the third-party safety software provider obtains pursuant to this Act to what is adequate, relevant, and reasonably necessary for the purposes for which the user data is collected, maintained, or processed, or disclosed to a parent under subsection (d)(1)(C); (B) establish, implement, and maintain reasonable policies, practices, and procedures (that are consistent with state-of-the-art administrative, technical, and physical safeguards related to protecting transferred user data and appropriate to the nature, scope, and volume of such user data) to protect-- (i) the confidentiality, integrity, and accessibility of the user data received from a large social media platform pursuant to this Act; and (ii) the user data received from a large social media platform pursuant to this Act against unauthorized access; and (C) upon any revocation described in subsection (a)(2), delete the user data of the child within 5 days. (2) Prohibition on sale.--A third-party safety software provider may not sell any user data collected, maintained, or processed pursuant to this Act. (3) Registration with the commission.--A third-party safety software provider shall register with the Commission as a condition of accessing an application programming interface and any information under subsection (a). In order to complete such registration, the third-party safety software provider shall demonstrate the following to the satisfaction of the Commission: (A) The third-party safety software provider is not operated, directly or indirectly (including through a parent company, subsidiary, or affiliate), by a company operated or controlled by a covered nation. (B) Such software provider will collect, process, maintain, or otherwise use any user data obtained under subsection (a) for the sole purpose of protecting a child from harm in accordance with any applicable terms of service and the provisions of this Act. (C) Such software provider will only disclose user data obtained under subsection (a) as permitted by subsection (d). (D) Such software provider will not sell, disclose, process, store, transfer, or otherwise make available user data obtained under this Act to a government of a covered nation or to a company operated or controlled by a covered nation. (E)(i) Such software provider will delete any user data obtained under this Act as soon as possible-- (I) but not later than 5 days after receiving such data from a large social media platform; and (II) not including any data the software provider discloses under subsection (d). (ii) For any data disclosed under subsection (d)(1)(C), such software provider will maintain such data until-- (I) the child or parent who made a delegation under subsection (a)(1)(A), and whose data is at issue, requests that the third-party safety software provider delete such data; (II) the child attains 17 years of age; or (III) the third-party safety software provider is deregistered by the Commission. (iii) In the event that the child or parent who made a delegation under subsection (a)(1)(A) revokes the delegation, such software provider will delete all applicable user data not later than 15 days after the date of such revocation. (F) Such software provider will disclose, in an easy-to-understand, human-readable format, to each child with respect to whose account with a large social media platform the service of the third-party safety software provider is operating and (if a parent made the delegation under subsection (a)(1)(A) with respect to the account) to the parent, sufficient information detailing the operation of the service and what information the software provider is collecting to enable such child or parent, as applicable, to make informed decisions regarding the use of the service. (G) Such software provider will disclose, in an easy-to-understand format to each child or parent who made a delegation under subsection (a)(1)(A) notice of any material changes in how the third-party safety software provider provides services. (H) Such software provider is able to provide services in accordance with any applicable terms of service and any relevant disclosures made to any consumer, including by ensuring such terms and disclosures are clear and conspicuous and are written in plain and easy-to-understand English. (I) Such software provider has established, implemented, and maintained reasonable policies, practices, and procedures to protect the confidentiality, integrity, and accessibility of any user data collected or processed pursuant to this Act and that the policies, practices, and procedures are appropriate to ensure a level of security appropriate to the risk to such user data, the cost of implementing such policies, practices, and procedures, and the nature, scope, and volume of such user data. (J) Such software provider assesses compliance with applicable Federal law, including the requirements of this Act. (K) Such software provider is in compliance with the requirements of this Act. (4) Annual audit.-- (A) Audit process; audit report.--For each year or partial year during which a third-party safety software provider is registered with the Commission under paragraph (3), the third-party safety software provider shall retain the services of a qualified independent auditing firm to complete an annual audit and write an audit report (which shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code) that includes-- (i) a review and assessment of such registration and any subsequent written reports, including whether the third-party safety software provider has remained in compliance with the conditions described in paragraph (3); and (ii) an identification of whether the third-party safety software provider has made any material changes in how the third-party safety software provider provides services, and in the event of any such material changes-- (I) an explanation as to how such changes have impacted users; and (II) any information relating to whether such users were notified of the material change at the time the material change was implemented. (B) Submission to the commission.--Not later than 30 days after the date on which an audit report is written under subparagraph (A), a third-party safety software provider shall submit to the Commission-- (i) a full copy of such audit report; and (ii) a summary of such audit report that may contain redactions to protect the confidential business information and trade secrets of the third-party safety software provider. (C) Audit review by the commission.--The Commission shall-- (i) review each audit report submitted by a third-party safety software provider under subparagraph (B)(i) to verify compliance with the requirements of this Act; (ii) make a copy of the summary of such audit report submitted under subparagraph (B)(ii) available to the public; and (iii) in the event an audit required under subparagraph (A) detects an unusual finding, and prior to any adverse action taken by the Commission under paragraph (5), direct a third- party safety software provider to promptly investigate and resolve the matter. (5) Additional oversight of third-party safety software providers.--In addition to the jurisdiction, powers, and duties of the Commission otherwise provided under this Act and any other provision of law, the Commission may take an adverse action against a third-party safety software provider, including by-- (A) denying registration of the third-party safety software provider under paragraph (3); (B) permanently deregistering the third-party safety software provider; and (C) suspending the registration of the third-party safety software provider due to a finding by the Commission of a material risk to the security of the data or safety of the public, including for-- (i) willful misconduct or gross negligence by the third-party safety software provider; (ii) a material misrepresentation made by a third-party safety software provider to the Commission or to any consumer; (iii) failure by the third-party safety software provider to comply with any requirements of this Act or failure to operate in accordance with the affirmations, assertions, representations, or terms of any security review, audit, terms of services, or consumer disclosures; or (iv) failure by the third-party safety software provider to respond to an unusual finding in an annual audit completed under paragraph (4). (6) Rights of third-party safety software providers.-- (A) In general.--In the event the Commission takes an adverse action against a third-party safety software provider under paragraph (5), the Commission shall give the third-party safety software provider the opportunity to-- (i) appeal such adverse action; and (ii) remediate any deficiency described in an annual audit completed under paragraph (4) within 45 days (if the third-party safety software provider demonstrates the third-party safety software provider has remediated any such deficiency and has taken satisfactory action to ensure such deficiency shall not reoccur), except in the case of a finding of-- (I) willful misconduct; (II) gross negligence; or (III) a demonstrated history of multiple failures in relation to the types of material risk described in paragraph (5)(C). (B) Exception.--The rights described in subparagraph (A) shall not prevent the Commission from suspending the registration of a third-party safety software provider to protect the public from ongoing material risk for the period during which the third- party safety software provider is in the process of exercising such rights. (c) Indemnification.--In any civil action in Federal or State court (other than an action brought by the Commission), a large social media platform provider may not be held liable for damages arising from transferring user data to a third-party safety software provider under subsection (a) if the large social media platform provider has complied with the requirements of this Act in good faith. (d) User Data Disclosure.-- (1) Permitted disclosures.--A third-party safety software provider may not disclose any user data obtained under subsection (a) to any other person, except-- (A) pursuant to a lawful request from a government body, including for law enforcement purposes or for judicial or administrative proceedings, by means of a court order or a court-ordered warrant, a subpoena or summons issued by a judicial officer, or a grand jury subpoena; (B) to the extent that such disclosure is required by law and such disclosure complies with and is limited to the relevant requirements of such law; (C) to a child who made a delegation under subsection (a)(1)(A) and whose data is at issue, the parent of such child, or to a parent who made such a delegation and whose child's data is at issue, with such third-party safety software provider making a good faith effort to ensure that such disclosure includes only the user data necessary for a reasonable parent to understand that such child is experiencing (or is at foreseeable risk to experience)-- (i) suicide; (ii) anxiety; (iii) depression; (iv) an eating disorder; (v) violence, including being the victim of or planning to commit or facilitate assault; (vi) substance abuse; (vii) fraud; (viii) severe forms of trafficking in persons (as defined in section 103 of the Trafficking Victims Protection Act of 2000 (22 U.S.C. 7102)); (ix) sexual abuse; (x) physical injury; (xi) harassment; (xii) sexually explicit conduct or child pornography (as such terms are defined in section 2256 of title 18, United States Code); (xiii) terrorism (as defined in section 140(d) of the Foreign Relations Authorization Act, Fiscal Years 1988 and 1989 (22 U.S.C. 2656f(d))), including communications with or in support of a foreign terrorist organization (as designated by the Secretary of State under section 219(a) of the Immigration and Nationality Act (8 U.S.C. 1189(a))); or (xiv) the sharing of personal information, limited to-- (I) home address; (II) phone number; (III) social security number; and (IV) personal banking information; (D) in the case of a good faith determination that disclosure is necessary to prevent or lessen a reasonably foreseeable serious and imminent threat to the health or safety of any individual, if the disclosure is made to a person reasonably able to prevent or lessen the threat; or (E) to a public health authority or other appropriate government authority authorized by law to receive reports of child abuse or neglect. (2) Disclosure reporting.--A third-party safety software provider that makes a disclosure permitted by subparagraphs (A), (B), (D), or (E) of paragraph (1) shall promptly inform the child or parent who made a delegation under subsection (a)(1)(A) that such a disclosure has been or will be made, except if the third-party safety software provider-- (A) in the exercise of professional judgment, determines informing such child or parent would place such child at risk of serious harm; or (B) is prohibited by law (including through a valid order by a court or administrative body) from informing such child or parent. (3) Child exploitation.--Nothing in this Act shall be construed to relieve a third-party safety software provider or a large social media platform from their duty to report pursuant to section 2258A of title 18, United States Code. SEC. 4. IMPLEMENTATION AND ENFORCEMENT. (a) Enforcement.-- (1) Unfair or deceptive acts or practices.--A violation of this Act shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)). (2) Powers of the commission.-- (A) In general.--The Commission shall enforce this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act. (B) Privileges and immunities.--Any person who violates this Act shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act (15 U.S.C. 41 et seq.). (3) Preservation of authority.--Nothing in this Act may be construed to limit the authority of the Commission under any other provision of law. (b) Compliance Assessment.--The Commission, on a biannual basis, shall assess compliance by large social media platform providers with the provisions of this Act. (c) Complaints.--Not later than 180 days after the date of enactment of this Act, the Commission shall establish procedures under which a child (or the parent of such child), a large social media platform provider, or a third-party safety software provider may file a complaint alleging that a large social media platform provider or a third-party safety software provider has violated this Act. SEC. 5. ONE NATIONAL STANDARD. (a) In General.--No State or political subdivision of a State may maintain, enforce, prescribe, or continue in effect any law, rule, regulation, requirement, standard, or other provision having the force and effect of law of the State, or political subdivision of a State, related to requiring large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces for the purposes of child online safety, through which a child or a parent of a child may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on a large social media platform in the same manner as is available to the child. (b) Rule of Construction.--This section may not be construed to-- (1) limit the enforcement of any consumer protection law of general applicability of a State or political subdivision of a State; (2) preempt the applicability of State trespass, contract, or tort law; or (3) preempt the applicability of any State law to the extent that the law relates to acts of fraud, unauthorized access to personal information, or notification of unauthorized access to personal information. \n\nSUMMARY TO EVALUATE:\nTitle: Sammy's Law: Enhancing Child Safety on Large Social Media Platforms\nSummary: This bill requires major social media companies to allow third-party safety apps to help protect children from online harms. It empowers parents and minors to use specialized software to monitor interactions and manage account settings for better security.\nKey Points: Large platforms must provide technical access (APIs) to registered third-party safety software providers., Parents of children under 13 and minors under 17 can delegate account monitoring and management to these apps., Safety apps can alert parents to risks like cyberbullying, self-harm, substance abuse, and online exploitation., Third-party safety providers are strictly prohibited from selling any user data collected through these interfaces., The Federal Trade Commission (FTC) will oversee the registration of software providers and enforce compliance.\n\nZASADY OCENY:\n1. Sprawdź wszystkie LICZBY, DATY i KWOTY w SUMMARY. Jeśli którejś brakuje w SOURCE -> is_valid: false.\n2. Sprawdź wszystkie NAZWISKA, ORGANIZACJE i MIEJSCA w SUMMARY. Jeśli którejś brakuje w SOURCE -> is_valid: false.\n3. Sprawdź wszystkie konkretne DZIAŁANIA PRAWNE . Jeśli tego mechanizmu nie ma w SOURCE -> is_valid: false.\n\nWAŻNE: Abstrakcyjne pojęcia (np. \"transparentność\", \"zaufanie\") są dozwolone jako wnioski.\n\nOUTPUT (JSON):\n{\n \"is_valid\": true/false,\n \"issue\": \"fabricated_entity\" / \"contradiction\" / \"none\"\n}\n\nWYMAGANIA FORMATOWANIA:\n1. Odpowiedz WYŁĄCZNIE surowym obiektem JSON.\n2. NIE używaj bloków kodu Markdown.\n3. NIE dodawaj żadnych wstępów ani wyjaśnień przed ani po JSONie.\n4. JSON musi być poprawny i gotowy do parsowania.\n\n", "ai_response_raw": "{\n \"is_valid\": false,\n \"issue\": \"fabricated_entity\"\n}" }, { "timestamp": "2026-03-27T12:21:30.307Z", "source_url": "https://www.congress.gov/119/bills/s4159/BILLS-119s4159is.htm", "model": "gemini-flash-latest", "prompt_sent": "\nJesteś ekspertem od prawa Stanów Zjednoczonych, który ma za zadanie analizować dokumenty ustaw, uchwał oraz innych dokumentów legislacyjnych, a następnie przygotowywać z nich informacje w przystępny sposób dla obywateli. Twoim celem jest przedstawienie informacji tak, aby obywatele mogli sami ocenić wpływ legislacji na ich życie, nawet bez posiadania specjalistycznej wiedzy legislacyjnej. Skup się na faktach i obiektywnych skutkach wprowadzanych zmian, unikając wartościowania i osobistych opinii. Wszelki żargon prawny jest zabroniony. Prezentuj informacje w jasny, zwięzły i angażujący sposób, tak aby były zrozumiałe dla osoby bez wykształcenia prawniczego. Unikaj długich, złożonych zdań. Zamiast pisać \"projekt ma na celu nowelizację kodeksu podatkowego...\", napisz \"Zmiany w podatkach: nowe ulgi i obowiązki dla...\". Kontynuuj swoją pracę, dopóki nie rozwiążesz swojego zadania. Jeśli nie masz pewności co do generowanej treści, przeanalizuj dokument ponownie – nie zgaduj. Rozplanuj dobrze swoje zadanie przed przystąpieniem do niego. W podsumowaniu i kluczowych punktach, jeśli to możliwe i uzasadnione, podkreśl, jakie konkretne korzyści lub skutki (pozytywne lub negatywne) wprowadza ustawa dla życia codziennego obywateli, ich praw i obowiązków, finansów osobistych, bezpieczeństwa i innych ważnych kwestii (np. kategorycznych zakazów i nakazów czy najważniejszych konkretnych alokacji finansowych i terytorialnych).\n\nTwoja odpowiedź MUSI być w formacie JSON - i zawierać następujące klucze.\nZanim zwrócisz odpowiedź, dokładnie zweryfikuj, czy cała struktura JSON jest w 100% poprawna, włącznie ze wszystkimi przecinkami, nawiasami klamrowymi, kwadratowymi oraz cudzysłowami. Błędny JSON jest nieakceptowalny i uniemożliwi przetworzenie Twojej pracy.\n\nPrzeanalizuj dokładnie poniższy tekst dokumentu prawnego. To jest treść, na podstawie której masz wygenerować podsumowanie i kluczowe punkty:\n--- POCZĄTEK DOKUMENTU ---\n[Congressional Bills 119th Congress] [From the U.S. Government Publishing Office] [S. 4159 Introduced in Senate (IS)] 119th CONGRESS 2d Session S. 4159 To require large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces, through which a child or a parent may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on the large social media platform in the same manner as is available to the child, and for other purposes. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES March 20, 2026 Mr. Husted (for himself, Mrs. Britt, and Mr. Warner) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation _______________________________________________________________________ A BILL To require large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces, through which a child or a parent may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on the large social media platform in the same manner as is available to the child, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as ``Sammy's Law''. SEC. 2. DEFINITIONS. In this Act: (1) Child.--The term ``child'' means any individual who-- (A) has not attained 17 years of age; and (B) has registered an account with a large social media platform. (2) Commerce.--The term ``commerce'' has the meaning given such term in section 4 of the Federal Trade Commission Act (15 U.S.C. 44). (3) Commission.--The term ``Commission'' means the Federal Trade Commission. (4) Covered nation.--The term ``covered nation'' has the meaning given such term in section 4872(f) of title 10, United States Code. (5) Large social media platform.--The term ``large social media platform''-- (A) means a service-- (i) provided through an internet website or a mobile application; (ii) the terms of service of which do not prohibit the use of the service by a child; (iii) with any feature that enables a child to share images, text, or video through the internet with other users of the service whom such child has met, identified, or become aware of solely through the use of the service; and (iv) that has more than 100,000,000 monthly global active users or generates more than $1,000,000,000 in gross revenue per year, adjusted yearly for inflation; and (B) does not include-- (i) a service that primarily serves-- (I) to facilitate-- (aa) the sale or provision of a professional service; or (bb) the sale of a commercial product; or (II) to provide news or information in a manner in which a user of the service may not send any content directly to a child through such service; or (ii) a service that-- (I) has a feature that enables a user who communicates directly with a child through a message (including images, text, audio, or video messages) to add to such message other users that such child may have met, identified, or become aware of solely through the use of the service; and (II) does not have any feature described in subparagraph (A)(iii). (6) Large social media platform provider.--The term ``large social media platform provider'' means any person who, for commercial purposes in or affecting commerce, provides, manages, operates, owns, or controls a large social media platform. (7) Parent.--The term ``parent'' means, with respect to a child, the parent or legal guardian of such child. (8) Sale.--The term ``sale'', with respect to user data-- (A) means the exchange of user data for monetary consideration; and (B) does not include the disclosure of user data by a third-party safety software provider to a processor or service provider that processes user data on behalf of the third-party safety software provider. (9) State.--The term ``State'' means each of the 50 States, the District of Columbia, each commonwealth, territory, or possession of the United States, and each federally recognized Indian Tribe. (10) Third-party safety software provider.--The term ``third-party safety software provider'' means any person who, for commercial purposes in or affecting commerce-- (A) is authorized to interact with a relevant large social media platform to manage the online interactions, content, or account settings of a child for the sole purpose of protecting the child from harm, including physical or emotional harm; and (B) has received such authorization from the child, or in the case of a child who has not attained 13 years of age, the parent of such child. (11) User data.--The term ``user data'' means any information reasonably necessary for a user to have a profile or submit content on a large social media platform (including any image, text, audio, or video) that is created by or sent to a child through the account of the child on such platform, but only-- (A) if the information or content is created by or sent to the child while a delegation under section 3(a)(1)(A) is in effect with respect to the account; and (B) during a 30-day period beginning on the date on which the information or content is created by or sent to such child. SEC. 3. PROVIDING ACCESS TO THIRD-PARTY SAFETY SOFTWARE PROVIDERS. (a) Obligations of Large Social Media Platform Providers.-- (1) Availability of application programming interfaces.-- (A) In general.--Not later than the date described in subparagraph (B), a large social media platform provider shall create, maintain, and make available to a third-party safety software provider registered with the Commission under subsection (b)(3) a set of third- party-accessible real-time application programming interfaces, including any information necessary to use such interfaces, by which a child (or, in the case of a child who has not attained 13 years of age, a parent of the child) may delegate permission to the third-party safety software provider to-- (i) manage any online interaction with or content created by or sent to the child, as well as the account settings of the child on the large social media platform in the same manner as is available to the child; and (ii) initiate a secure transfer of user data from the large social media platform in a commonly used and machine-readable format to the third-party safety software provider, where the frequency of such transfers may not be limited by the large social media platform provider to less than once per hour. (B) Date described.--For purposes of subparagraph (A), the date described in this subparagraph is-- (i) in the case of a service that is a large social media platform on the date of enactment of this Act, 180 days after such date; or (ii) in the case of a service that becomes a large social media platform after such date of enactment, not later than 30 days after the date on which such service becomes a large social media platform. (2) Revocation.--Once a child or parent makes a delegation under paragraph (1)(A), the large social media platform provider shall make the application programming interfaces and information described in such paragraph available to the relevant third-party safety software provider on an ongoing basis until-- (A) the child or a parent, as applicable, revokes the delegation; (B) the child or a parent, as applicable, revokes or disables the registration of the account of such child with the large social media platform; (C) the third-party safety software provider-- (i) rejects the delegation; (ii) receives notice that-- (I) the parent of such child who made the delegation no longer has legal parental rights over such child; or (II) a temporary arrangement has been put in place by a court or legal authority regarding the custody of such child; or (iii) is deregistered by the Commission; or (D) the child attains the age of 17 years old. (3) Data security.-- (A) In general.--A large social media platform provider shall establish, implement, and maintain reasonable policies, practices, and procedures to protect-- (i) the confidentiality, integrity, and accessibility of user data transferred from the large social media platform provider to a third-party safety software provider pursuant to a delegation under paragraph (1)(A); and (ii) any such user data against unauthorized access. (B) Scope.--The policies, practices, and procedures required by subparagraph (A) shall be-- (i) consistent with state-of-the-art administrative, technical, and physical safeguards for protecting transferred user data; and (ii) appropriate to the nature, scope, and volume of such user data. (4) Disclosure.--In the case of a delegation made by a child or a parent, as applicable, under paragraph (1)(A), with respect to the account of such child with a large social media platform, the large social media platform provider shall-- (A) disclose to such child or parent, as applicable, such delegation; (B) provide to such child or parent, as applicable, a summary of any user data transferred to a third-party safety software provider; and (C) update such summary as necessary to reflect any change to such user data. (5) Limitation.--Any management by a third-party safety software provider pursuant to paragraph (1)(A)(i) shall be limited to such management that protects a child from harm, including any such management related to the optimization of any privacy setting on an account of the child, stated user age, and marketing settings for the account. (6) User control.-- (A) In general.--If a large social media platform uses a messaging feature or service that provides security features that give a user control over access to the content of any communication of the user in a manner that renders the access of the large social media platform to such content technically infeasible without overriding such control, then the following shall apply: (i) The large social media platform may not be required to grant a third-party safety software provider access to such content through a set of third-party-accessible real- time application programming interfaces under paragraph (1)(A). (ii) The large social media platform, upon a delegation under paragraph (1)(A), shall-- (I) make available and maintain a technical interface that enables contemporaneous transmission of such communication to a third-party safety software provider-- (aa) registered under subsection (b)(3); and (bb) selected by the child or parent, as applicable, as a user-designated recipient; (II) maintain such security features without altering, bypassing, or overriding such features; (III) permit the communicating users (and any user-designated recipient) to access the content through such interface; and (IV) not gain access to the content of such communication. (B) Rule of construction.--Nothing in this paragraph may be construed to limit the obligations of a large social media platform under this Act with respect to user data other than the content of communications described in this paragraph. (b) Third-Party Safety Software Providers.-- (1) Protection of user data.--A third-party safety software provider shall-- (A) limit any collection, maintenance, and processing of user data the third-party safety software provider obtains pursuant to this Act to what is adequate, relevant, and reasonably necessary for the purposes for which the user data is collected, maintained, or processed, or disclosed to a parent under subsection (d)(1)(C); (B) establish, implement, and maintain reasonable policies, practices, and procedures (that are consistent with state-of-the-art administrative, technical, and physical safeguards related to protecting transferred user data and appropriate to the nature, scope, and volume of such user data) to protect-- (i) the confidentiality, integrity, and accessibility of the user data received from a large social media platform pursuant to this Act; and (ii) the user data received from a large social media platform pursuant to this Act against unauthorized access; and (C) upon any revocation described in subsection (a)(2), delete the user data of the child within 5 days. (2) Prohibition on sale.--A third-party safety software provider may not sell any user data collected, maintained, or processed pursuant to this Act. (3) Registration with the commission.--A third-party safety software provider shall register with the Commission as a condition of accessing an application programming interface and any information under subsection (a). In order to complete such registration, the third-party safety software provider shall demonstrate the following to the satisfaction of the Commission: (A) The third-party safety software provider is not operated, directly or indirectly (including through a parent company, subsidiary, or affiliate), by a company operated or controlled by a covered nation. (B) Such software provider will collect, process, maintain, or otherwise use any user data obtained under subsection (a) for the sole purpose of protecting a child from harm in accordance with any applicable terms of service and the provisions of this Act. (C) Such software provider will only disclose user data obtained under subsection (a) as permitted by subsection (d). (D) Such software provider will not sell, disclose, process, store, transfer, or otherwise make available user data obtained under this Act to a government of a covered nation or to a company operated or controlled by a covered nation. (E)(i) Such software provider will delete any user data obtained under this Act as soon as possible-- (I) but not later than 5 days after receiving such data from a large social media platform; and (II) not including any data the software provider discloses under subsection (d). (ii) For any data disclosed under subsection (d)(1)(C), such software provider will maintain such data until-- (I) the child or parent who made a delegation under subsection (a)(1)(A), and whose data is at issue, requests that the third-party safety software provider delete such data; (II) the child attains 17 years of age; or (III) the third-party safety software provider is deregistered by the Commission. (iii) In the event that the child or parent who made a delegation under subsection (a)(1)(A) revokes the delegation, such software provider will delete all applicable user data not later than 15 days after the date of such revocation. (F) Such software provider will disclose, in an easy-to-understand, human-readable format, to each child with respect to whose account with a large social media platform the service of the third-party safety software provider is operating and (if a parent made the delegation under subsection (a)(1)(A) with respect to the account) to the parent, sufficient information detailing the operation of the service and what information the software provider is collecting to enable such child or parent, as applicable, to make informed decisions regarding the use of the service. (G) Such software provider will disclose, in an easy-to-understand format to each child or parent who made a delegation under subsection (a)(1)(A) notice of any material changes in how the third-party safety software provider provides services. (H) Such software provider is able to provide services in accordance with any applicable terms of service and any relevant disclosures made to any consumer, including by ensuring such terms and disclosures are clear and conspicuous and are written in plain and easy-to-understand English. (I) Such software provider has established, implemented, and maintained reasonable policies, practices, and procedures to protect the confidentiality, integrity, and accessibility of any user data collected or processed pursuant to this Act and that the policies, practices, and procedures are appropriate to ensure a level of security appropriate to the risk to such user data, the cost of implementing such policies, practices, and procedures, and the nature, scope, and volume of such user data. (J) Such software provider assesses compliance with applicable Federal law, including the requirements of this Act. (K) Such software provider is in compliance with the requirements of this Act. (4) Annual audit.-- (A) Audit process; audit report.--For each year or partial year during which a third-party safety software provider is registered with the Commission under paragraph (3), the third-party safety software provider shall retain the services of a qualified independent auditing firm to complete an annual audit and write an audit report (which shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code) that includes-- (i) a review and assessment of such registration and any subsequent written reports, including whether the third-party safety software provider has remained in compliance with the conditions described in paragraph (3); and (ii) an identification of whether the third-party safety software provider has made any material changes in how the third-party safety software provider provides services, and in the event of any such material changes-- (I) an explanation as to how such changes have impacted users; and (II) any information relating to whether such users were notified of the material change at the time the material change was implemented. (B) Submission to the commission.--Not later than 30 days after the date on which an audit report is written under subparagraph (A), a third-party safety software provider shall submit to the Commission-- (i) a full copy of such audit report; and (ii) a summary of such audit report that may contain redactions to protect the confidential business information and trade secrets of the third-party safety software provider. (C) Audit review by the commission.--The Commission shall-- (i) review each audit report submitted by a third-party safety software provider under subparagraph (B)(i) to verify compliance with the requirements of this Act; (ii) make a copy of the summary of such audit report submitted under subparagraph (B)(ii) available to the public; and (iii) in the event an audit required under subparagraph (A) detects an unusual finding, and prior to any adverse action taken by the Commission under paragraph (5), direct a third- party safety software provider to promptly investigate and resolve the matter. (5) Additional oversight of third-party safety software providers.--In addition to the jurisdiction, powers, and duties of the Commission otherwise provided under this Act and any other provision of law, the Commission may take an adverse action against a third-party safety software provider, including by-- (A) denying registration of the third-party safety software provider under paragraph (3); (B) permanently deregistering the third-party safety software provider; and (C) suspending the registration of the third-party safety software provider due to a finding by the Commission of a material risk to the security of the data or safety of the public, including for-- (i) willful misconduct or gross negligence by the third-party safety software provider; (ii) a material misrepresentation made by a third-party safety software provider to the Commission or to any consumer; (iii) failure by the third-party safety software provider to comply with any requirements of this Act or failure to operate in accordance with the affirmations, assertions, representations, or terms of any security review, audit, terms of services, or consumer disclosures; or (iv) failure by the third-party safety software provider to respond to an unusual finding in an annual audit completed under paragraph (4). (6) Rights of third-party safety software providers.-- (A) In general.--In the event the Commission takes an adverse action against a third-party safety software provider under paragraph (5), the Commission shall give the third-party safety software provider the opportunity to-- (i) appeal such adverse action; and (ii) remediate any deficiency described in an annual audit completed under paragraph (4) within 45 days (if the third-party safety software provider demonstrates the third-party safety software provider has remediated any such deficiency and has taken satisfactory action to ensure such deficiency shall not reoccur), except in the case of a finding of-- (I) willful misconduct; (II) gross negligence; or (III) a demonstrated history of multiple failures in relation to the types of material risk described in paragraph (5)(C). (B) Exception.--The rights described in subparagraph (A) shall not prevent the Commission from suspending the registration of a third-party safety software provider to protect the public from ongoing material risk for the period during which the third- party safety software provider is in the process of exercising such rights. (c) Indemnification.--In any civil action in Federal or State court (other than an action brought by the Commission), a large social media platform provider may not be held liable for damages arising from transferring user data to a third-party safety software provider under subsection (a) if the large social media platform provider has complied with the requirements of this Act in good faith. (d) User Data Disclosure.-- (1) Permitted disclosures.--A third-party safety software provider may not disclose any user data obtained under subsection (a) to any other person, except-- (A) pursuant to a lawful request from a government body, including for law enforcement purposes or for judicial or administrative proceedings, by means of a court order or a court-ordered warrant, a subpoena or summons issued by a judicial officer, or a grand jury subpoena; (B) to the extent that such disclosure is required by law and such disclosure complies with and is limited to the relevant requirements of such law; (C) to a child who made a delegation under subsection (a)(1)(A) and whose data is at issue, the parent of such child, or to a parent who made such a delegation and whose child's data is at issue, with such third-party safety software provider making a good faith effort to ensure that such disclosure includes only the user data necessary for a reasonable parent to understand that such child is experiencing (or is at foreseeable risk to experience)-- (i) suicide; (ii) anxiety; (iii) depression; (iv) an eating disorder; (v) violence, including being the victim of or planning to commit or facilitate assault; (vi) substance abuse; (vii) fraud; (viii) severe forms of trafficking in persons (as defined in section 103 of the Trafficking Victims Protection Act of 2000 (22 U.S.C. 7102)); (ix) sexual abuse; (x) physical injury; (xi) harassment; (xii) sexually explicit conduct or child pornography (as such terms are defined in section 2256 of title 18, United States Code); (xiii) terrorism (as defined in section 140(d) of the Foreign Relations Authorization Act, Fiscal Years 1988 and 1989 (22 U.S.C. 2656f(d))), including communications with or in support of a foreign terrorist organization (as designated by the Secretary of State under section 219(a) of the Immigration and Nationality Act (8 U.S.C. 1189(a))); or (xiv) the sharing of personal information, limited to-- (I) home address; (II) phone number; (III) social security number; and (IV) personal banking information; (D) in the case of a good faith determination that disclosure is necessary to prevent or lessen a reasonably foreseeable serious and imminent threat to the health or safety of any individual, if the disclosure is made to a person reasonably able to prevent or lessen the threat; or (E) to a public health authority or other appropriate government authority authorized by law to receive reports of child abuse or neglect. (2) Disclosure reporting.--A third-party safety software provider that makes a disclosure permitted by subparagraphs (A), (B), (D), or (E) of paragraph (1) shall promptly inform the child or parent who made a delegation under subsection (a)(1)(A) that such a disclosure has been or will be made, except if the third-party safety software provider-- (A) in the exercise of professional judgment, determines informing such child or parent would place such child at risk of serious harm; or (B) is prohibited by law (including through a valid order by a court or administrative body) from informing such child or parent. (3) Child exploitation.--Nothing in this Act shall be construed to relieve a third-party safety software provider or a large social media platform from their duty to report pursuant to section 2258A of title 18, United States Code. SEC. 4. IMPLEMENTATION AND ENFORCEMENT. (a) Enforcement.-- (1) Unfair or deceptive acts or practices.--A violation of this Act shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)). (2) Powers of the commission.-- (A) In general.--The Commission shall enforce this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act. (B) Privileges and immunities.--Any person who violates this Act shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act (15 U.S.C. 41 et seq.). (3) Preservation of authority.--Nothing in this Act may be construed to limit the authority of the Commission under any other provision of law. (b) Compliance Assessment.--The Commission, on a biannual basis, shall assess compliance by large social media platform providers with the provisions of this Act. (c) Complaints.--Not later than 180 days after the date of enactment of this Act, the Commission shall establish procedures under which a child (or the parent of such child), a large social media platform provider, or a third-party safety software provider may file a complaint alleging that a large social media platform provider or a third-party safety software provider has violated this Act. SEC. 5. ONE NATIONAL STANDARD. (a) In General.--No State or political subdivision of a State may maintain, enforce, prescribe, or continue in effect any law, rule, regulation, requirement, standard, or other provision having the force and effect of law of the State, or political subdivision of a State, related to requiring large social media platform providers to create, maintain, and make available to third-party safety software providers a set of real-time application programming interfaces for the purposes of child online safety, through which a child or a parent of a child may delegate permission to a third-party safety software provider to manage the online interactions, content, and account settings of such child on a large social media platform in the same manner as is available to the child. (b) Rule of Construction.--This section may not be construed to-- (1) limit the enforcement of any consumer protection law of general applicability of a State or political subdivision of a State; (2) preempt the applicability of State trespass, contract, or tort law; or (3) preempt the applicability of any State law to the extent that the law relates to acts of fraud, unauthorized access to personal information, or notification of unauthorized access to personal information. \n--- KONIEC DOKUMENTU ---\n\nPAMIĘTAJ: Twoja odpowiedź MUSI być wyłącznie poprawnym obiektem JSON. Nie dodawaj żadnych dodatkowych znaków, komentarzy ani tekstu przed znacznikiem '{' ani po znaczniku '}'. Cała odpowiedź musi być parsowalna jako JSON.\nNa podstawie POWYŻSZEGO dokumentu, wypełnij poniższą strukturę JSON:\nOto struktura JSON, której oczekuję (wypełnij ją treścią):\n{\n \"pl_ai_title\": \"Nowy, krótki tytuł dla aktu prawnego po polsku, oddający sedno wprowadzanych zmian (np. maksymalnie 10-12 słów).\",\n \"pl_summary\": \"2-3 zdania zwięzłego podsumowania treści aktu prawnego po polsku, napisane z perspektywy wpływu na życie codzienne obywateli.\",\n \"pl_key_points\": [\n \"Pierwszy krótki punkt po polsku dotyczący najważniejszych wprowadzanych rozwiązań lub zmian.\",\n \"Drugi krótki punkt po polsku...\"\n ],\n \"eng_ai_title\": \"A new, short title for the legal act in English, capturing the essence of the changes (e.g., max 10-12 words).\",\n \"eng_summary\": \"2-3 sentences summarizing the legal act in English, from the perspective of its impact on citizens' daily lives.\",\n \"eng_key_points\": [\n \"First short bullet point in English regarding the most important solutions or changes being introduced.\",\n \"Second short bullet point in English...\"\n ],\n \"de_ai_title\": \"Ein neuer, kurzer Titel für das Rechtsdokument auf Deutsch, der den Kern der Änderungen erfasst (z.B. max. 10-12 Wörter).\",\n \"de_summary\": \"2-3 Sätze Zusammenfassung des Rechtsdokuments auf Deutsch, aus der Perspektive seiner Auswirkungen auf das tägliche Leben der Bürger.\",\n \"de_key_points\": [\n \"Erster kurzer Stichpunkt auf Deutsch zu den wichtigsten eingeführten Lösungen oder Änderungen.\",\n \"Zweiter kurzer Stichpunkt auf Deutsch...\"\n ],\n \"fr_ai_title\": \"Un nouveau titre court pour l'acte juridique en français, saisissant l'essence des changements (par exemple, 10-12 mots maximum).\",\n \"fr_summary\": \"Résumé de 2-3 phrases de l'acte juridique en français, du point de vue de son impact sur la vie quotidienne des citoyens.\",\n \"fr_key_points\": [\n \"Premier court point en français concernant les solutions ou changements les plus importants introduits.\",\n \"Deuxième court point en français...\"\n ],\n \"es_ai_title\": \"Un nuevo título breve para el acto jurídico en español, que recoja la esencia de los cambios (por ejemplo, máximo 10-12 palabras).\",\n \"es_summary\": \"Resumen de 2-3 frases del acto jurídico en español, desde la perspectiva de su impacto en la vida cotidiana de los ciudadanos.\",\n \"es_key_points\": [\n \"Primer punto breve en español sobre las soluciones o cambios más importantes que se introducen.\",\n \"Segundo punto breve en español...\"\n ],\n \"it_ai_title\": \"Un nuovo titolo breve per l'atto giuridico in italiano, che colga l'essenza delle modifiche (ad es. massimo 10-12 parole).\",\n \"it_summary\": \"Riepilogo di 2-3 frasi dell'atto giuridico in italiano, dal punto di vista del suo impatto sulla vita quotidiana dei cittadini.\",\n \"it_key_points\": [\n \"Primo breve punto in italiano riguardante le soluzioni o le modifiche più importanti introdotte.\",\n \"Secondo breve punto in italiano...\"\n ],\n \"nl_ai_title\": \"Een nieuwe, korte titel voor de rechtshandeling in het Nederlands, die de essentie van de wijzigingen weergeeft (bijv. max. 10-12 woorden).\",\n \"nl_summary\": \"Samenvatting van 2-3 zinnen van de rechtshandeling in het Nederlands, vanuit het perspectief van de impact op het dagelijks leven van burgers.\",\n \"nl_key_points\": [\n \"Eerste korte punt in het Nederlands betreffende de belangrijkste geïntroduceerde oplossingen of wijzigingen.\",\n \"Tweede korte punt in het Nederlands...\"\n ],\n \"pt_ai_title\": \"Um novo título curto para o ato jurídico em português, capturando a essência das mudanças (por exemplo, máx. 10-12 palavras).\",\n \"pt_summary\": \"Resumo de 2-3 frases do ato jurídico em português, na perspetiva do seu impacto na vida quotidiana dos cidadãos.\",\n \"pt_key_points\": [\n \"Primeiro ponto curto em português sobre as soluções ou alterações mais importantes introduzidas.\",\n \"Segundo ponto curto em português...\"\n ],\n \"category\": [\"Categorize the document into one category by default, based on the field it primarily concerns. Choose up to 3 if the document also touches upon SIGNIFICANT issues from other categories. You MUST select categories ONLY from the following list: Health, Education, Family, Taxes, Labor, Security, Environment, Courts and Law, Transport, Benefits, Real Estate, Media and Culture, Local Government, Migration, Agriculture, Public Investments, Informatization, Economy. If the document does not definitively fit any of these, you MUST use \"Other\". If you use \"Other\", it should be the ONLY category selected. Do NOT invent new categories. The response must be an array of strings, e.g., [\"Taxes\", \"Family\"].\"]\n}\n\n", "ai_response_raw": "{\n \"pl_ai_title\": \"Prawo Sammy’ego: Nowe narzędzia ochrony dzieci w mediach społecznościowych\",\n \"pl_summary\": \"Ustawa nakłada na duże platformy społecznościowe obowiązek udostępnienia danych zewnętrznym aplikacjom chroniącym bezpieczeństwo dzieci. Dzięki temu rodzice i młodzież będą mogli łatwiej monitorować zagrożenia online i zarządzać ustawieniami prywatności.\",\n \"pl_key_points\": [\n \"Duże serwisy (ponad 100 mln użytkowników) muszą umożliwić działanie zewnętrznym programom do ochrony dzieci.\",\n \"Rodzice dzieci poniżej 13 lat oraz młodzież do 17 roku życia mogą przekazać kontrolę nad kontem zaufanym aplikacjom bezpieczeństwa.\",\n \"Aplikacje te będą mogły ostrzegać o zagrożeniach takich jak nękanie, depresja, przemoc czy myśli samobójcze.\",\n \"Wprowadzono surowy zakaz sprzedaży danych użytkowników przez dostawców oprogramowania ochronnego.\",\n \"Nadzór nad przestrzeganiem nowych przepisów i rejestracją dostawców oprogramowania sprawować będzie Federalna Komisja Handlu (FTC).\"\n ],\n \"eng_ai_title\": \"Sammy's Law: Enhancing Child Safety on Large Social Media Platforms\",\n \"eng_summary\": \"This bill requires major social media companies to allow third-party safety apps to help protect children from online harms. It empowers parents and minors to use specialized software to monitor interactions and manage account settings for better security.\",\n \"eng_key_points\": [\n \"Large platforms must provide technical access (APIs) to registered third-party safety software providers.\",\n \"Parents of children under 13 and minors under 17 can delegate account monitoring and management to these apps.\",\n \"Safety apps can alert parents to risks like cyberbullying, self-harm, substance abuse, and online exploitation.\",\n \"Third-party safety providers are strictly prohibited from selling any user data collected through these interfaces.\",\n \"The Federal Trade Commission (FTC) will oversee the registration of software providers and enforce compliance.\"\n ],\n \"de_ai_title\": \"Sammys Gesetz: Neue Sicherheitswerkzeuge für Kinder in sozialen Medien\",\n \"de_summary\": \"Dieses Gesetz verpflichtet große soziale Netzwerke, Schnittstellen für Sicherheitssoftware von Drittanbietern bereitzustellen. Eltern und Jugendliche können so spezialisierte Apps nutzen, um Online-Interaktionen zu überwachen und vor Gefahren zu schützen.\",\n \"de_key_points\": [\n \"Große Plattformen müssen technischen Zugriff (APIs) für registrierte Jugendschutz-Software ermöglichen.\",\n \"Eltern und Minderjährige bis 17 Jahre können die Kontoverwaltung an vertrauenswürdige Sicherheits-Apps delegieren.\",\n \"Die Software kann vor Risiken wie Mobbing, Depressionen, Gewalt oder Suchtmittelmissbrauch warnen.\",\n \"Es besteht ein striktes Verkaufsverbot für Nutzerdaten durch die Anbieter der Sicherheitssoftware.\",\n \"Die Federal Trade Commission (FTC) überwacht die Einhaltung der Regeln und die Registrierung der Softwareanbieter.\"\n ],\n \"fr_ai_title\": \"Loi Sammy : Nouveaux outils de protection des mineurs sur les réseaux sociaux\",\n \"fr_summary\": \"Cette loi oblige les grandes plateformes sociales à permettre l'utilisation de logiciels de sécurité tiers pour protéger les enfants. Elle permet aux parents et aux mineurs de déléguer la surveillance de leurs comptes à des outils spécialisés contre les dangers en ligne.\",\n \"fr_key_points\": [\n \"Les grandes plateformes doivent ouvrir des accès techniques (API) aux logiciels de sécurité certifiés.\",\n \"Les parents d'enfants de moins de 13 ans et les mineurs jusqu'à 17 ans peuvent autoriser ces outils de protection.\",\n \"Ces applications peuvent signaler des risques tels que le harcèlement, la dépression, la violence ou l'exploitation.\",\n \"Interdiction formelle pour les fournisseurs de logiciels de sécurité de vendre les données des utilisateurs.\",\n \"La Commission fédérale du commerce (FTC) est chargée de superviser l'application de la loi et d'agréer les logiciels.\"\n ],\n \"es_ai_title\": \"Ley de Sammy: Nuevas herramientas de seguridad infantil en redes sociales\",\n \"es_summary\": \"Esta ley exige que las grandes redes sociales permitan el uso de aplicaciones de seguridad de terceros para proteger a los menores. Facilita que padres y jóvenes deleguen la supervisión de sus cuentas para prevenir riesgos digitales.\",\n \"es_key_points\": [\n \"Las grandes plataformas deben ofrecer acceso técnico (API) a proveedores de software de seguridad registrados.\",\n \"Padres de menores de 13 años y jóvenes de hasta 17 años pueden autorizar el monitoreo de sus perfiles.\",\n \"El software puede alertar sobre peligros como el acoso, la depresión, la violencia o el consumo de sustancias.\",\n \"Se prohíbe estrictamente a los proveedores de seguridad vender los datos de los usuarios obtenidos.\",\n \"La Comisión Federal de Comercio (FTC) supervisará el cumplimiento y gestionará el registro de las aplicaciones.\"\n ],\n \"it_ai_title\": \"Legge di Sammy: Nuovi strumenti per la sicurezza dei minori sui social media\",\n \"it_summary\": \"Questa legge impone alle grandi piattaforme social di consentire l'integrazione di software di sicurezza esterni per proteggere i minori. Genitori e ragazzi potranno usare app specializzate per monitorare i rischi e gestire la privacy online.\",\n \"it_key_points\": [\n \"Le grandi piattaforme devono garantire l'accesso tecnico (API) a software di sicurezza certificati.\",\n \"I genitori di minori di 13 anni e i ragazzi fino a 17 anni possono delegare il controllo del profilo a queste app.\",\n \"Il software può segnalare minacce come bullismo, autolesionismo, depressione o sfruttamento online.\",\n \"Vige il divieto assoluto di vendita dei dati degli utenti da parte dei fornitori di software di sicurezza.\",\n \"La Federal Trade Commission (FTC) sarà responsabile del controllo, delle sanzioni e della registrazione dei fornitori.\"\n ],\n \"nl_ai_title\": \"Sammy's Wet: Nieuwe veiligheidshulpmiddelen voor kinderen op sociale media\",\n \"nl_summary\": \"Deze wet verplicht grote sociale mediaplatforms om externe veiligheidssoftware toe te staan om kinderen te beschermen. Ouders en jongeren kunnen hiermee het beheer van hun accounts delegeren aan gespecialiseerde apps.\",\n \"nl_key_points\": [\n \"Grote platforms moeten technische toegang (API's) bieden aan geregistreerde veiligheidssoftware van derden.\",\n \"Ouders van kinderen onder de 13 en jongeren tot 17 jaar kunnen toezicht uitbesteden aan deze apps.\",\n \"De software kan waarschuwen voor risico's zoals pesten, depressie, geweld of online misbruik.\",\n \"Het is voor aanbieders van veiligheidssoftware ten strengste verboden om gebruikersgegevens te verkopen.\",\n \"De Federal Trade Commission (FTC) houdt toezicht op de naleving en de registratie van softwareleveranciers.\"\n ],\n \"pt_ai_title\": \"Lei de Sammy: Novas ferramentas de segurança infantil nas redes sociais\",\n \"pt_summary\": \"Esta lei exige que as grandes redes sociais permitam o uso de aplicações de segurança de terceiros para proteger menores. Permite que pais e jovens deleguem a monitorização de contas para evitar perigos online.\",\n \"pt_key_points\": [\n \"Grandes plataformas devem fornecer acesso técnico (APIs) a fornecedores de software de segurança registados.\",\n \"Pais de menores de 13 anos e jovens até aos 17 anos podem autorizar a gestão das suas contas por estas apps.\",\n \"O software pode alertar para riscos como bullying, depressão, violência ou exploração online.\",\n \"Proibição total de venda de dados de utilizadores por parte dos fornecedores de software de segurança.\",\n \"A Comissão Federal de Comércio (FTC) fiscalizará o cumprimento das normas e o registo das empresas de software.\"\n ],\n \"category\": [\"Informatization\", \"Security\", \"Media and Culture\"]\n}" } ] }