The policy states that Epic uses Kids Web Services Ltd, a subsidiary, to verify parent/guardian email addresses and user ages for Cabined Account consent purposes. Once verified, the KWS system recognizes the verified email across all services using KWS technology, eliminating repeat verification.
This analysis describes what Unreal Engine's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that parental consent and age verification are processed by a subsidiary (Kids Web Services Ltd) and that verified credentials are shared across all KWS-powered services. Compliance teams should evaluate whether this cross-service recognition mechanism is disclosed with sufficient specificity under COPPA and GDPR to constitute adequate informed consent, and whether the processing of parental email data by a subsidiary constitutes a sub-processor arrangement with appropriate contractual safeguards.
Interpretive note: The policy does not fully specify the scope of third-party services covered by the cross-service KWS verification recognition, creating ambiguity about the extent of parental consent coverage across non-Epic platforms.
Under this provision, a parent or guardian who verifies their email through KWS will have that verification recognized across all games and services using KWS technology operated by Epic or third-party partners. The cross-service scope of this recognition may extend beyond Epic's own services to third-party platforms using KWS.
How other platforms handle this
If you consent to receive calls and SMS text messages from Redfin, that consent is exclusive to Redfin and its partners and affiliates, and is collected solely for the purpose of obtaining your permission to call or text you as part of providing you with the Services or to send you marketing message...
By creating an Affirm account or using the Services, you consent to receive electronically all communications, agreements, documents, notices and disclosures (collectively, 'Communications') that Affirm provides in connection with your Affirm account and use of the Services. Communications include, ...
If you choose to open an Account, Afterpay may send you SMS messages. You agree to receive SMS messages at any time of day to each telephone number provided by you to Afterpay, regardless of whether such telephone number is on a corporate, state or federal do-not-call registry. You certify, represen...
Monitoring
Unreal Engine has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We use Kids Web Services ("KWS"), a service offered by our subsidiary Kids Web Services Ltd, for parent/guardian and user age verification purposes. Once an email address is verified, KWS will recognize it across other games or services powered by KWS technology, so there will be no need to verify it again. When a parent/guardian provides consent for a non-Cabined Account for their child, parental controls are enabled automatically.— Excerpt from Unreal Engine's Epic Games Privacy Policy
1) REGULATORY LANDSCAPE: This provision engages COPPA's verifiable parental consent requirements (16 CFR 312.5) and GDPR Article 8's conditions for processing children's data. The FTC enforces COPPA's consent mechanism standards. The cross-service recognition of parental email verification may require evaluation under GDPR's purpose limitation principle if the initial consent scope does not explicitly cover use by third-party services. 2) GOVERNANCE EXPOSURE: Medium. The policy discloses the KWS mechanism and its subsidiary relationship, providing transparency. However, the extent to which the KWS cross-service recognition applies to third-party services not operated by Epic is not clearly scoped in the excerpted policy text, which may create disclosure adequacy concerns. 3) JURISDICTION FLAGS: United States (COPPA, FTC enforcement), EU/EEA (GDPR Article 8), UK (UK GDPR and the Age Appropriate Design Code). The cross-service recognition mechanism warrants particular scrutiny under GDPR's purpose limitation requirements in EU/EEA jurisdictions. 4) CONTRACT AND VENDOR IMPLICATIONS: Third-party developers using KWS technology as a service should assess whether their own privacy notices adequately disclose the cross-service verification recognition mechanism and whether parental consent obtained through KWS covers the full scope of their data processing. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that the KWS consent mechanism satisfies COPPA's verifiable parental consent standard as interpreted under the FTC's updated COPPA rule. The data processing agreement between Epic Games, Inc. and Kids Web Services Ltd should be reviewed to confirm sub-processor obligations under GDPR are satisfied. The scope of cross-service email recognition should be clearly disclosed in all applicable privacy notices.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that parental consent and age verification are processed by a subsidiary (Kids Web Services Ltd) and that verified credentials are shared across all KWS-powered services. Compliance teams should evaluate whether this cross-service recognition mechanism is disclosed with sufficient specificity under COPPA and GDPR to constitute adequate informed consent, and whether the processing of parental email data by …
Under this provision, a parent or guardian who verifies their email through KWS will have that verification recognized across all games and services using KWS technology operated by Epic or third-party partners. The cross-service scope of this recognition may extend beyond Epic's own services to third-party platforms using KWS.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unreal Engine.