A Senate bill designed to protect children from AI chatbots is drawing fire from civil liberties advocates who say it would do something far more dangerous: build the infrastructure for identity-linked online surveillance while restricting access to constitutionally protected speech.
The GUARD Act, introduced by Sen. Josh Hawley, would mandate age verification for accessing “AI companions,” the category of AI systems designed for human-like conversational interactions. Users under 18 would be banned entirely.
What the GUARD Act actually requires
The bill’s core mechanism is mandatory age verification, but not the kind where you click a checkbox confirming you’re over 18. Self-attestation is explicitly ruled out.
Instead, the GUARD Act demands real-world identifiers. Think financial records, government-issued documents, or other identity-linked data points. In English: to chat with an AI, you’d need to prove who you are in the real world, creating a paper trail connecting your identity to your online activity.
The original version of the bill cast a wide net, covering nearly all AI chatbots. After pushback from civil rights organizations, lawmakers narrowed the scope to focus specifically on “AI companions,” a more targeted category. But the age verification requirements remained strict, and the fundamental concerns about privacy and speech haven’t gone away with the narrower definition.
Defining what qualifies as an “AI companion” versus a regular chatbot is not a trivial exercise. The line between a customer service bot, an educational AI tutor, and a conversational companion gets blurry fast. That ambiguity creates risk for developers who might over-comply to avoid liability, effectively restricting access to tools that were never the bill’s intended target.
The First Amendment problem
The bill doesn’t just add friction to access. It creates a categorical ban for an entire age group. Critics argue this goes well beyond what existing legal frameworks allow, even for content that might be deemed harmful to minors.
The Electronic Frontier Foundation has been particularly vocal, characterizing the law as a privacy-infringing surveillance measure. Their argument is straightforward: mandatory identity verification doesn’t just affect minors. It affects everyone, because every user must prove their age to access the service. That means adults hand over sensitive personal data just to have a conversation with software.
The EFF also warns that the bill could limit teenagers’ access to vital digital tools, and that the chilling effect extends beyond individual users. Developers and companies building AI tools face a compliance landscape where the safest legal strategy is to restrict more, not less. When the penalty for getting age verification wrong is severe, the rational business decision is to overblock. That means legitimate educational uses, mental health support tools, and creative applications could all become collateral damage.
The surveillance infrastructure concern
Once platforms are required to collect and verify real-world identity documents, that data infrastructure doesn’t disappear when the policy debate moves on. It becomes a permanent feature of how people interact with AI systems, a database linking real identities to digital conversations.
The EFF’s framing is blunt: this is surveillance architecture dressed up as child safety legislation. Systems that verify identity necessarily collect identity, and collected data is data that can be breached, subpoenaed, or repurposed.
Age verification mandates create barriers to entry that disproportionately affect smaller companies and open-source projects. A large tech firm can absorb the cost of building identity verification infrastructure. A two-person startup building an educational AI cannot.
What this means for the AI industry
The narrowing from “all AI chatbots” to “AI companions” shows that lobbying and public comment periods can shape the final text. But the core architecture of identity verification survived that revision intact.
For users, the practical impact depends entirely on how broadly “AI companion” gets defined in regulatory implementation. If the definition stays narrow, most people won’t notice. If it expands through rulemaking or judicial interpretation, the verification requirement could touch a much wider range of AI interactions than the bill’s sponsors currently suggest.
