Earlier this year, we wrote a blog about the landmark settlement between the US Federal Trade Commission (FTC) and HoYoverse, creators of the popular video game “Genshin Impact” (the “Genshin Impact Settlement”). The Genshin Impact Settlement sets new expectations for how online products operating in the US market handle age gating, verifiable parental consent (VPC), and loot boxes.

Here’s how k-ID helps you meet these standards not only in the US but also globally 🌍, efficiently ⚡, and with a seamless user experience ✨.

Age Gate

Our Age Gate APIs (/age-gate/get-requirements) automatically determine the age gate requirements for each user based on their location and local law, including:

• Whether an age gate is required, and

• What type(s) of age gates are acceptable.

👉 Try out our Age Gate API in the interactive demo below.

This dynamic, location-based approach is both effective and adaptable:

1. The US approach is clear (but not universal): The FTC has long held that “mixed audience” online services must employ a neutral age-screening mechanism to determine users’ ages. It’s important to recognise that while the US “gold standard” is influential, it doesn’t always align perfectly with every jurisdiction. For example, even if you fully comply with the Genshin Impact Settlement’s age gating requirements, you might still fall short in countries like South Korea, where you must collect the user’s full legal date of birth, not just their age. Our Global Compliance Database and APIs lay out these requirements for you, eliminating the need for manual research and saving your team valuable time and resources.
   

2. You don’t have to apply the US standard everywhere: If your product operates in multiple jurisdictions, k-ID helps you to tailor your age gate approach by market.

Verifiable Parental Consent

At first glance, VPC might seem straightforward: just find the child’s parent and get their consent. But in practice, building a compliant and user-friendly VPC flow raises a host of complex questions, such as:

• How do I make parental consent “verifiable”? What are the accepted methods for verifying that the person giving consent is an adult (and not a child attempting to consent on their own behalf), and how can I do this verification in a privacy-preserving manner?

• What information must I provide to parents as part of the consent process? How do I translate dry legalese into clear, parent-friendly language that remains legally compliant? (Note: it’s a common misconception but under COPPA, a direct notice must be separate from the company’s general privacy policy, and the required disclosures are extremely specific.)

• How do I make parents feel like they have meaningful control over their child’s access to individual features? (Note: starting in 2026, the FTC will require any non-integral disclosures of a child’s personal information to third parties to have a separate opt-in consent: no more “take it or leave it” consent forms!)

Beyond strict regulatory requirements, there are also important user experience considerations:

• Do I need to block all access until VPC is obtained, or can I allow limited access in the meantime?

• Should I always present the VPC challenge upfront, or only when a child tries to access a regulated feature?

• How do I optimise the VPC flow across multiple platforms — VR, console, mobile, desktop?

In the past, companies building their own solutions would have to tackle all these complicated issues themselves. Today, however, k-ID takes care of all of this through a seamless and easy-to-use VPC flow.

👉 Experience our VPC flow in the interactive demo below.

k-ID is purpose-built to handle all the complexity for you. Our platform doesn’t just automate the VPC process — it adapts in real time to the latest regulations across every market you operate in. We translate legal requirements into clear, actionable steps, and make sure your VPC flow is always up-to-date, privacy-preserving, and easy for both parents and kids to use.

Imagine answering all of the above questions (and more) — not just for COPPA and the Genshin Impact Settlement — but for every US state and every country where you operate. Our Global Compliance Engine automates these complex requirements for you and delivers seamless, compliant solutions so that you can scale globally with confidence.

Differentiating Young Players for Loot Boxes

Configurable Compliance, Made Simple:

In the wake of the Genshin Impact Settlement, HoYoverse was required to obtain VPC for all players under 16 for in-app purchases. That said, since none of the underlying statutes (neither COPPA nor the FTC Act) explicitly mentions an age threshold for loot boxes, and since the FTC Commissioners themselves were split on their loot box analysis, the rule right now is somewhat unclear. Using our 5-point “Necessity” scale (Best Practice / Regulator-Issued Guidance / Inferred Legal Requirement / Mandatory Legal Requirement / Known Enforcement) — which allows you to tailor your compliance strategy based on your risk tolerance — we set a threshold age for loot boxes in the US as an Inferred Legal Requirement, with 16 as the conservative age, and 13 as the minimum viable age.

Suppose your game features loot boxes and your compliance strategy is set to respect Mandatory Legal Requirements only. This generally means that your loot boxes would not require VPC in the United States. That said, if you wanted to get VPC for just loot boxes in the US without changing your overall compliance strategy, k-ID gives you that granular control in a few ways.

👉 Try this out in our Developer Portal with the interactive demo below.

Whether you need a straightforward compliance solution or advanced configurability, k-ID lets you approach compliance with confidence, flexibility and ease.

Final Thoughts

By leveraging k-ID, you can:

• Streamline onboarding and reduce friction for users

• Ensure global reach without unnecessary barriers

• Stay ahead of evolving legal requirements with minimal engineering effort

👉 Want to get started? Contact us or explore our Developer Docs to get started.