South Carolina AADC Compliance: Timeline and the Law’s Nine Core Elements
South Carolina’s Age-Appropriate Design Code (AADC) law not only introduces new obligations for businesses but also establishes a clear compliance timeline and a set of nine statutory elements that shape how those obligations are implemented. Understanding both the timing and substance of these requirements is critical for organizations preparing to comply.
This blog outlines the key deadlines and breaks down the law’s core elements to help stakeholders navigate what comes next.
Law takes effect: All substantive requirements active. Default protections, dark pattern prohibition, targeted advertising ban for minors, parental controls — all live.
MARCH-APRIL
Retain independent auditor: Auditor must be genuinely independent. Engagement letter, scope agreement, and access protocols should be finalized. Statutory scope covers all nine required report elements.
APRIL-JUNE
Audit fieldwork and report drafting: Full access to design systems, data practices, algorithm documentation, incident and harm reports, and age-verification methods. Expert consultation on minors' use required by statute.
JULY 1, 2026
Report due to Attorney General: Completed public report submitted to SC AG, who posts it on his website. Late or incomplete reports expose covered services to enforcement action, treble damages, and potential officer liability.
ANNUALLY
Recurring obligation: Businesses must undergo an independent audit and submit a new report every year by or before July 1. This is not a one-time compliance exercise.
The 9 Required Report Elements (§ 39-80-70(A))
Elements 8 and 9, age verification methods and algorithm descriptions, are particularly sensitive for many platforms. These sections will require careful coordination among technical, product, and legal teams before finalization, and significant legal review before public disclosure. Unlike a confidential internal DPIA, this report will be publicly posted. Every word is a public record.
BBB National Programs brings the credibility and rigor that a public audit requires. We do not prepare reports designed to look complete. we prepare reports that are complete.
Our audit engagements are structured around the law's nine required report elements, with a methodology that satisfies South Carolina's requirement for auditors to ‘follow inspection and consultation practices designed to ensure that reports are comprehensive and accurate,’ including the statutory mandate to consult with experts on minors' use of covered online services.
Reach out for a free consultation.
Are you one of our COPPA Safe Harbor participants? Unlock preferred pricing and a fast-track application process.
This blog outlines the key deadlines and breaks down the law’s core elements to help stakeholders navigate what comes next.
Compliance Timeline
FEBRUARY 5, 2026Law takes effect: All substantive requirements active. Default protections, dark pattern prohibition, targeted advertising ban for minors, parental controls — all live.
MARCH-APRIL
Retain independent auditor: Auditor must be genuinely independent. Engagement letter, scope agreement, and access protocols should be finalized. Statutory scope covers all nine required report elements.
APRIL-JUNE
Audit fieldwork and report drafting: Full access to design systems, data practices, algorithm documentation, incident and harm reports, and age-verification methods. Expert consultation on minors' use required by statute.
JULY 1, 2026
Report due to Attorney General: Completed public report submitted to SC AG, who posts it on his website. Late or incomplete reports expose covered services to enforcement action, treble damages, and potential officer liability.
ANNUALLY
Recurring obligation: Businesses must undergo an independent audit and submit a new report every year by or before July 1. This is not a one-time compliance exercise.
What the Audit Report Must Cover: The 9 Statutory Elements
Section 39-80-70(A) specifies nine elements that every independent audit report must include. This is a defined statutory scope — not a general best-practices review — and covered services must be prepared to support each element with documentation and operational access.The 9 Required Report Elements (§ 39-80-70(A))
- The purpose of the covered online service.
- The extent to which the service is likely to be accessed by minors.
- Total number and types of harm reports generated and how those reports were handled.
- Whether, how, and for what purpose minors' personal data and sensitive personal data are collected or processed.
- Design safety measures, privacy protections, and parental tools adopted.
- Whether and how covered design features are used: infinite scroll, autoplay, gamification, engagement quantification (likes/views), notifications, in-game purchases, appearance-altering filters.
- Process for handling data access, deletion, and correction requests for minors' data.
- Age verification or estimation methods used.
- Description of algorithms used by the covered online service.
Elements 8 and 9, age verification methods and algorithm descriptions, are particularly sensitive for many platforms. These sections will require careful coordination among technical, product, and legal teams before finalization, and significant legal review before public disclosure. Unlike a confidential internal DPIA, this report will be publicly posted. Every word is a public record.
Why the Public Nature of the SC Audit Changes Everything
Because the South Carolina report becomes public, posted on the Attorney General's website, the audit is not just a compliance exercise. It is a public document that will be read by regulators in other states, plaintiffs' attorneys, advocacy organizations, and journalists. A poorly scoped, incomplete, or strategically evasive audit report creates reputational and legal exposure that far exceeds the cost of doing it thoroughly. However, this publication can also be an opportunity to distinguish your company from competitors in being a safer platform for children.BBB National Programs brings the credibility and rigor that a public audit requires. We do not prepare reports designed to look complete. we prepare reports that are complete.
How BBB National Programs Can Help
BBB National Programs has built its practice around the intersection of technology design, data governance, and children's digital privacy — the exact overlap that the South Carolina AADC puts under the microscope. We provide the independent third-party audit services that § 39-80-70 requires, with deep expertise in minor-facing platforms and the statutory compliance frameworks that the law demands.Our audit engagements are structured around the law's nine required report elements, with a methodology that satisfies South Carolina's requirement for auditors to ‘follow inspection and consultation practices designed to ensure that reports are comprehensive and accurate,’ including the statutory mandate to consult with experts on minors' use of covered online services.
Reach out for a free consultation.
Are you one of our COPPA Safe Harbor participants? Unlock preferred pricing and a fast-track application process.