🇺🇸 Live Privacy & Data Protection

COPPA

Imposes requirements on operators of websites and online services directed to children under 13, including obtaining verifiable parental consent before collecting personal information. Applies to commercial website and app operators.

View official source document

Rules extracted

156

Obligations decomposed

12.0x

Avg obligations per rule

🇺🇸 United States

Jurisdiction

What AuditDSS covers

Source

Regulation

Extracted

Rules

Decomposed

156

Obligations

12.0x

Decomposition ratio

Each rule is decomposed into an average of 12.0 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 156 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in COPPA is scored across independent risk dimensions:

Obligation Weight

How critical within the regulatory framework

Violation Likelihood

How often breached in practice

Enforcement Evidence

Regulator enforcement history and penalties

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title: COPPA
Regulatory body: Federal Trade Commission
Jurisdiction: 🇺🇸 United States
Document type: regulation
Effective date: April 21, 2000
Industry: Privacy & Data Protection
Official source: View source document ↗

Who this applies to

websites directed at childrenonline servicesmobile appsconnected toysed-tech platforms

Key requirements

verifiable parental consent
privacy notice requirements
data minimization for children
parental access and deletion rights
confidentiality and security
safe harbor programs

Frequently asked questions about COPPA

What is COPPA?

Who does COPPA apply to?

COPPA applies to websites directed at children, online services, mobile apps, connected toys, ed-tech platforms.

How many obligations does COPPA contain?

AuditDSS has decomposed COPPA into 156 atomic obligations from 13 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of COPPA?

The key requirements include: verifiable parental consent, privacy notice requirements, data minimization for children, parental access and deletion rights, confidentiality and security, safe harbor programs.

How can I assess my COPPA compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 156 COPPA obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces COPPA?

COPPA is enforced in United States by Federal Trade Commission.

When did COPPA come into effect?

COPPA became effective on April 21, 2000.

What industry does COPPA apply to?

COPPA is primarily relevant to the Privacy & Data Protection industry. AuditDSS covers 71 regulations in this industry sector.

Build a COPPA compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for COPPA — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering COPPA requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine COPPA with other regulations into a single unified compliance pack for your business.

Build COPPA compliance pack

Already have a policy? Assess it against COPPA

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

AI maps against 156 obligations

Your document is scored against every obligation in COPPA. Each claim is mapped to the obligation tree and evaluated for coverage.

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.