Children under 13 cannot have a Microsoft account unless a parent or guardian creates and manages the account using Microsoft Family Safety features.
Children under 13 using Microsoft services without a properly configured Family Safety account are at risk of having personal data collected without the parental consent required by U.S. law, exposing both the child and any institutional operator to COPPA liability.
How other platforms handle this
We want to make sure that AI is not used to undermine the ability of humans to make informed choices about who governs them, so we are particularly careful about building tools that could be used for political ads, propaganda, or targeting strategies based on political ideology.
You will: (a) be solely responsible for all use of the Services and Documentation under your account and the Customer Services; (b) not transfer, resell, lease, license, or otherwise make available the Services to third parties (except to make the Services available to your End Users) or offer them ...
Customer may only use the Services if Customer is of legal age to enter into these Terms according to the applicable laws and regulations in Customer's jurisdiction (and, in the case of Figma AI, only if 18 years old or older).
If a child under 13 is using a Microsoft account without parental setup, they are in violation of the agreement and their data may be collected without legally required parental consent under COPPA.
REGULATORY FRAMEWORK: This provision directly engages COPPA (15 U.S.C. §§6501–6506) and its implementing regulations at 16 CFR Part 312, which require verifiable parental consent before collecting personal information from children under 13. The FTC is the primary enforcement authority. For EU users, GDPR Art. 8 sets the digital consent age at 16 (with member state derogation to 13), and the Irish DPC's guidance on children's data privacy (2021) creates additional obligations. The UK Age Appropriate Design Code (Children's Code) imposes heightened design and data minimization requirements for services accessible to under-18 users.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.